As the WannaCrypt ransomware spread to 99 countries around the world, mainly infecting legacy Windows operating systems, Microsoft has responded with guidance and help for products which have long exited support.
Calling the attacks “painful”, Phillip Misner, Principal Security Group Manager, Microsoft Security Response Center, said Microsoft worked throughout the day to protect its customers.
Microsoft has now released an update for Windows Defender to detect Ransom:Win32/WannaCrypt and recommends additional anti-malware software. They also recommend administrators block legacy file sharing protocols on their network.
Microsoft also notes that these attacks often start via phishing emails, and that using a cloud email service such as Office 365 means email protections are continuously monitored and updated.
Windows 10 users are unaffected by the attack, and many of the operating systems affected are no longer supported. Microsoft has made the decision, which they say is unusual but which is regularly seen during these high-profile attacks, to provide a security update which includes Windows XP, Windows 8, and Windows Server 2003. Microsoft said the decision was based on protecting the Windows ecosystem itself, which seems sensible given that the backlash will affect the reputation of Windows as a whole.
Microsoft has, however, repeatedly given in to pressure to patch out-of-date operating systems in the past, which likely reduces the pressure on companies to actually make the jump to more modern operating systems, a move which is somewhat self-defeating for everyone concerned in the end.