{"id":7637,"date":"2017-05-14T12:30:07","date_gmt":"2017-05-14T20:30:07","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/05\/14\/news-1422\/"},"modified":"2017-05-14T12:30:07","modified_gmt":"2017-05-14T20:30:07","slug":"news-1422","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/05\/14\/news-1422\/","title":{"rendered":"Patching Windows XP against WannaCry ransomware"},"content":{"rendered":"<p><strong>Credit to Author: Michael Horowitz| Date: Sun, 14 May 2017 12:56:00 -0700<\/strong><\/p>\n<p>Microsoft just released a patch for Windows XP that fixes a file sharing flaw being exploited by the <a href=\"http:\/\/www.computerworld.com\/article\/3196686\/security\/kill-switch-helps-slow-the-spread-of-wannacry-ransomware.html\">WannaCry ransomware<\/a>. Here&#8217;s how to install it.\u00a0<\/p>\n<p>You can download <em>some<\/em> versions of the patch using links at the bottom of this May 12th \u00a0Microsoft article: <a href=\"https:\/\/blogs.technet.microsoft.com\/msrc\/2017\/05\/12\/customer-guidance-for-wannacrypt-attacks\/\">Customer Guidance for WannaCrypt attacks<\/a>. The full list of patch variants, including languages other than English, is in the Windows Catalog, just <a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=KB4012598\">search for KB4012598<\/a>. Windows Update does not work on XP.<\/p>\n<p>For an x86 machine with Service Pack 3 installed, the downloaded file name is\u00a0<\/p>\n<p><code>windowsxp-kb4012598-x86-custom-enu_eceb7d5023bbb23c0dc633e46b9c2f14fa6ee9dd.exe<\/code><\/p>\n<p>I know, its looks like malware itself. The file is small, only 665K. Logon as an Administrator and, for good luck, make a <strong>Restore Point<\/strong> first thing.<\/p>\n<p>To see if System Restore is enabled, right click on My Computer, get the Properties and go to the System Restore tab. To actually make the Restore Point, go to Start -&gt; Programs -&gt; Accessories -&gt; System Tools -&gt; System Restore.<\/p>\n<p>The installation process is simple.<\/p>\n<p>1. Wizard warns you to backup your system and close all open programs <br \/>2. Then you have to agree to a license <br \/>3. Installing the patch takes only a few seconds, even on old hardware. It first asks you to wait while it &#8220;inspects your current configuration, archives your current files and updates your files.&#8221; Then it makes a restore point.\u00a0<br \/>4. When its all done, it wants you to reboot<\/p>\n<p>After rebooting, you can verify that the patch was correctly installed using Add or Remove Programs in the Control Panel. You first need to turn on the checkbox to &#8220;Show updates.&#8221; Then scroll down looking for the &#8220;Windows XP &#8211; Software updates&#8221; section. It should be huge.<\/p>\n<p>In this section, look for &#8220;Security Update for Windows XP (KB4012598)&#8221; with the current date as the date installed. Considering this is Windows XP, the installation date should stick out like a sore thumb. On two machines that I tested, it was, fortunately, the last entry in the list.<\/p>\n<p>The fix applies to the file sharing component of Windows (Server Message Block or SMB) and thus prevents an XP machine from being <strong>infected over a LAN<\/strong> (Local Area Network). However, it <strong>would not protect<\/strong> an XP machine that was attacked another way, via email, for example.<\/p>\n<p>I checked around (<a href=\"https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?id=5201\">here<\/a> and <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/14210\/security-essentials-download\">here<\/a>) and Microsoft has not issued an update to their free anti-malware software, Security Essentials, for Windows XP. When XP went off support, it was denied access to Security Essentials. Thus, <strong>XP machines remain vulnerable<\/strong> to WannaCry, just not via file sharing on a LAN.<\/p>\n<p>To <em>fully<\/em> protect an XP machine requires a third party antivirus product. Lotsa luck with that.<\/p>\n<p>BitDefender <a href=\"https:\/\/www.bitdefender.com\/news\/-3289.html\">bragged today<\/a> that they can protect against <a href=\"https:\/\/en.wikipedia.org\/wiki\/WannaCry_cyber_attack\">WannaCry<\/a>, but they <a href=\"https:\/\/www.bitdefender.com\/solutions\/antivirus.html\">do not support Windows XP<\/a>. Neither does <a href=\"https:\/\/www.avira.com\/en\/avira-optimization-suite\">Avira<\/a>, <a href=\"http:\/\/store.trendmicro.com\/store\/tmamer\/custom\/pbpage.resp-3up\">Trend Micro<\/a> or <a href=\"https:\/\/www.f-secure.com\/en_US\/web\/home_us\/total?icid=1715\">F-Secure<\/a>. <a href=\"https:\/\/usa.kaspersky.com\/antivirus\">Kaspersky<\/a> still supports XP, but their website says nothing about WannaCry.\u00a0<\/p>\n<p>So, yes, Microsoft released a patch for Windows XP. But now you know the rest of the story.\u00a0<\/p>\n<p>FEEDBACK<br \/>Get in touch with me privately by email at my full name at Gmail. Public comments can be directed to me on twitter at @defensivecomput<\/p>\n<p><a href=\"http:\/\/www.computerworld.com\/article\/3196289\/security\/patching-windows-xp-against-wannacry-ransomware.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Michael Horowitz| Date: Sun, 14 May 2017 12:56:00 -0700<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>Microsoft just released a patch for Windows XP that fixes a file sharing flaw being exploited by the <a href=\"http:\/\/www.computerworld.com\/article\/3196686\/security\/kill-switch-helps-slow-the-spread-of-wannacry-ransomware.html\">WannaCry ransomware<\/a>. Here&#8217;s how to install it.\u00a0<\/p>\n<p>You can download <em>some<\/em> versions of the patch using links at the bottom of this May 12th \u00a0Microsoft article: <a href=\"https:\/\/blogs.technet.microsoft.com\/msrc\/2017\/05\/12\/customer-guidance-for-wannacrypt-attacks\/\">Customer Guidance for WannaCrypt attacks<\/a>. The full list of patch variants, including languages other than English, is in the Windows Catalog, just <a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=KB4012598\">search for KB4012598<\/a>. Windows Update does not work on XP.<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3196289\/security\/patching-windows-xp-against-wannacry-ransomware.html#jump\">To read this article in full or to leave a comment, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[10629,11072,714,11079],"class_list":["post-7637","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-cyberattacks","tag-cybercrime-hacking","tag-security","tag-windows-pcs"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7637","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=7637"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7637\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=7637"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=7637"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=7637"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}