The original WannaCry does NOT infect Windows XP boxes

Topic

New Reply

I’ve been saying that for a week now – sometimes fighting over it. I’m not saying the EternalBlue infection method doesn’t work on XP. (Sorry for the
[See the full post at: The original WannaCry does NOT infect Windows XP boxes]

Reply | Quote

Replies

So what then, was all the fuss about disabled NHS computers running under XP?

Reply | Quote

XP Embeded computers, those paying MS for extended support, were updated in March like the rest of the versions of Windows. Those computers must not have been XP Embeded or they had not been updated with the March patch that fixed the vulnerability.

Reply | Quote

I think the fuss was mainly the Press jumping to conclusions, aka fake news.

1 user thanked author for this post.

woody

Reply | Quote

That’s precisely correct.

I fought many a battle over this. I was right – the overwhelming majority of those in the press were (and still are) wrong. The “NHS doesn’t have enough money and their ancient XP machines got hit” reporting was complete BS.

The Win10 infections are likely self-inflicted. XP doesn’t even make the list. Source: Kaspersky.

1 user thanked author for this post.

satrow

Reply | Quote

Microsoft issued a fix for XP that was supposed to stop this exploit (gratis and all that). So it was just all PR stunt on their part. They were congratulated for releasing the patch – did they know otherwise?

How does this boost their trust quotient?

Reply | Quote

I’m not saying the EternalBlue infection method doesn’t work on XP. (Sorry for the double negative.) What I am saying is that no Windows XP boxes were infected, in the wild, by the original WannaCry worm.

The post says the original WannaCry worm did not infect XP boxes.

The patch Microsoft issued for XP fixed the EXPLOIT. It includes the original worm because it fixes the vulnerability that it uses. It will also prevent any new versions that use that vulnerability as well.

So, yes, Microsoft should be congratulated for making it available for free to ALL versions of XP

2 users thanked author for this post.

Noel Carboni, woody

Reply | Quote

Precisely correct, on all counts.

Reply | Quote

Microsoft didn’t really need to release the patch for XP because security firms were providing signatures to antivirus and endpoint security products as soon as the threat was identified. Most were already out before MS released their patch.

Windows XP has accumulated hundreds of vulnerabilities since extended support came to an end. They all require a premium payment to fix. Releasing the patch helped – don’t get me wrong- but you will notice that they made a big deal about it. They geared up their PR machine at the same time they released the patch.

Reply | Quote

I disagree. Signatures for AV products are great, but the EternalBlue exploit is devious.

Far better to cut it off at the source – buggy SMBv1 drivers – with MS17-010.

As far as gearing up the PR: Sure. Absolutely.

Reply | Quote

Typical active antivirus “security” is tantamount to inviting all the local criminals into your house for tea and hiring a security guard to watch them closely. Sure, you catch most of them most of the time before they pocket your silverware, and they often do actually leave when the guard kicks them out, but…

Wouldn’t it be much, much better just not to invite them in to begin with? Don’t forget that the security guard eats your food and drinks your beer, and calls his company occasionally to report on you…

Never, but never put blind faith in an antivirus package. It’s a LAST line of defense, not a security strategy, and you might find you’re having to pay that security guard an awful lot, all the while you’re not enjoying your home as much.

-Noel

1 user thanked author for this post.

woody

Reply | Quote