Saturday, 13 May 2017

Info on the NHS (etc) WannaCry RansomWare attack


The Windows vulnerability is not a zero-day flaw, but one for which Microsoft had made available a security patch on 14 March 2017 - almost exactly two months before. The patch was to the Server Message Block protocol used by Windows.

Organisations that lacked this security patch were affected for this reason, and there is so far no evidence that any were specifically targeted by the ransomware developers. Any organisation still running the end-of-life Windows XP, would be particularly at risk, as no security patches for that have been issued by Microsoft since April 2014. As of 2016, thousands of computers in 42 separate NHS trusts in England were reported to be still running Windows XP.

This, dear readers, is why you need to be running up to date, patched systems, protected by quality antivirus software. Don't say that you haven't been warned...