It’s been a hectic few hours for security researchers around the world as ransomware ‘WannaCry’ have been causing a menace for organizations and companies worldwide; most notably, the UK’s NHS was also affected leading to disruption in the service’s ability to provide healthcare.
As a result, Microsoft has been forced to publish a security patch to curb the spread of ‘WannaCry’ on systems running the unsupported Windows XP, Windows 8, and Windows Server 2003 operating systems.
It’s a move that Microsoft describes as “highly unusual”, but was made based on an “assessment of the situation”.
“Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful,” says Phillip Minser, Principal Security Group Manager at Microsoft. “Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, broadly available for download,” he continued.
The links for this security patch are available on Microsoft’s blog. Windows 10 users with the March security update or the Creators Update remain unaffected by the ransomware.
Microsoft usually charges a hefty fee to provide custom support for older versions of Windows – something that the UK government thought it could do without. It’s nice of Microsoft to make this security update broadly available, but it’s also imperative for Redmond to do so – after all, the reputation of Windows is on the hook.
In either case, this should be yet another reminder regarding why exploits should be disclosed by governments rather than kept secret. ‘WannaCry’ relies on an exploit discovered by the NSA and leaked by a hacker collective known as The Shadow Brokers back in April; if the exploit was disclosed and patched in a timely manner, this epidemic could have been prevented.