Microsoft: Ransomware Targets Out-of-Date PCs Only

Posted on May 13, 2017 by Paul Thurrott in Windows with 79 Comments


As you may have heard, a massive ransomware attack has infected PCs in at least 99 countries. But Microsoft says that it had already fixed the vulnerability that enabled this attack, meaning that the PCs that were successfully attacked had not been updated in a timely manner.

“On May 12, 2017 we detected a new ransomware that spreads like a worm by leveraging vulnerabilities that have been previously fixed,” a Microsoft Malware Protection Center blog post notes. “While security updates are automatically applied [to] most computers, some users and enterprises may delay deployment of patches. Unfortunately, the malware, known as WannaCrypt, appears to have affected computers that have not applied the patch for these vulnerabilities. While the attack is unfolding, we remind users to install MS17-010 if they have not already done so.”

In case you missed the implicit admonition there, Microsoft has switched Windows 10 to a servicing model it calls Windows as a Service, or WaaS, the idea being that it’s only possible to keep all Windows users safe if all Windows users keep their PCs up-to-date with security fixes. Under this system, all Windows 10 PCs are kept up-to-date … unless they are in larger businesses, which still have the option to delay updates for many months. It is these businesses—and those with older Windows PCs who likewise don’t update them in a timely manner–that are at fault for the success of this attack.

The security fix in question, MS17-010, was released two months ago, in March. The ransomware, called WannaCrypt, targets the security vulnerability that was fixed by that update and

While I’m a bit mixed on blaming customers for this issue, it’s interesting that WannaCrypt doesn’t actually spread all that quickly, and it doesn’t use social networking to trick users into doing something stupid. It just targets PCs that were not updated correctly. Had those customers kept their PCs up-to-date with just security fixes, this attack would have been a non-event, Microsoft says.

“Microsoft antimalware telemetry immediately picked up signs of this campaign,” the Microsoft post explains. “Our expert systems gave us visibility and context into this new attack as it happened, allowing Windows Defender Antivirus to deliver real-time defense. Through automated analysis, machine learning, and predictive modeling, we were able to rapidly protect against this malware.”

Like other ransomware attacks, WannaCrypt encrypts the PC’s hard drive, preventing the user from accessing their own data. After decrypting a few files to prove what happened, it then presents a ransom demand: “Pay now, if you want to decrypt ALL your files!”

To prevent this attack from succeeding, all you have to do is keep your PC up-to-date: This vulnerability was fixed two months ago. And Microsoft, in an unprecedented move, is even patching Windows XP, which is no longer supported. (Talk about not keeping your PC up-to-date.)

I’m still researching whether there is an established method to remove this ransomware from your PC if you have been compromised.



79 responses to “Microsoft: Ransomware Targets Out-of-Date PCs Only”

  1. emanon2121

    What more can Microsoft do? It issues a patch weeks before it was publicly disclosed and has already been patched for months. If a user hasn't updated it is clearly the fault of the PC user for not updating or using a version of an old OS that is clearly not getting security updates. So, again, what more can Microsoft do?

    • dhallman

      In reply to emanon2121: I agree with you. In our case we were patched fully. They got in because I had a secondary network access with a simple password on my system. I guess what I find funny is that in the physical world we always blame the thief regardless of the circumstances. I look at an unpatched system like a home with the windows unlocked. With a little poking a thief can get in and take your TV. In my case the doors and windows were locked, but the key was under the mat. As they had time to look around they found a way in. But when was the last time a door manufacturer or general contractor was called to answer why their protection did not stand up to the break in? We own our computers like we own our homes. It is up to us to know when a window is unlocked or our security is not serious enough.

    • skane2600

      In reply to emanon2121:

      In this case they are going to patch XP as well, which is great. But it would be better if MS had a policy of continuing security updates even on very old versions of Windows. Would it cost some money? Yes. Would it directly increase revenues? No. But there's an indirect benefit by being seen as protecting the customer and the cost is probably considerably less than what they have spent on failed initiatives such as buying Nokia.

      • lvthunder

        In reply to skane2600:

        And how long should Microsoft continue to patch a version of Windows? XP is 16 years old. In my view if you have to run XP you should not expose it to the Internet.

        • skane2600

          In reply to lvthunder:

          The decision should be driven by what percentage of customers are still using it. My belief is that a business should not be focused on what their customers "should" do, but on what they actually do. So MS would need to consider the cost of continued security updates to XP vs the cost to their reputation if they don't.

      • SmithPM

        In reply to skane2600:

        I agree with your suggestion - they need to reconsider their policy when it comes to critical patches. They also need to do something so that Update is more reliable on older computers. I have a PC with dual boot Windows 7 (for daily use) and Vista (for older software). As a result of Microsoft screwing around with Update (since the release of Windows 10) when I ask Vista to look for updates it gives the message "Looking for Updates" and nothing happens for hours on end. I applied the patch in question using the standalone version of Update but ordinary users might not do this.

      • skane2600

        In reply to skane2600:

        Apparently some people disagree with me, but the non-tech news outlets are just saying that this latest ransomware is possible due to a flaw in Windows. It doesn't say anything about people using unsupported old versions. This is a major hit against Microsoft's reputation and it doesn't matter much what tech-savvy people think.

        • MikeGalos

          In reply to skane2600:

          The flaw is actually in old IBM OS|2 code still in there to support a flawed old networking toolset still in use by some customers.

        • normcf

          In reply to skane2600:

          It has only been recently that the mainline press has mentioned windows in regards to malware. In the past, they just said "computers", lumping everything together as if macOS, ios, linux, unix and everything else were equally susceptible. The only time they mentioned another os was when it was attacked. I, for one, am glad of some recognition of windows and malware together.

          • skane2600

            In reply to normcf:

            I'm not sure that's correct, but if it was, it was probably assumed by the press and the general public that computers == Windows. The majority probably never heard of linux or unix so their reputations were never in danger.

        • Dont Fear the Future

          In reply to skane2600:

          Bingo. The biggest obstacle for Microsoft is the Media and how people perceive them, regardless of truths or non-truths.

          As of late, Microsoft has been extremely innovative, but they get no kudos from the media for their innovations. In fact, the only time the media talks about Microsoft is in times like this; therefore the general population just continues to think that Microsoft is a monopolistic company whose operating system has not advanced from Windows XP, is nothing more than a virus pool, and crashes with the blue screen of death every 5 minutes.

          As an individual who appreciates Microsoft, it is very frustrating.

  2. ivarh

    Hospitals might have older equipment controlled by a windows xp workstation from companies that are no longer around. Not much they can do in that case

    • wright_is

      In reply to ivarh:

      Remove them from the network.

      • ndwilder

        In reply to wright_is:

        Sounds great, except most are connected to other systems for monitoring, control, and reporting. This is why many are now leasing care equipment, so it is routinely replaced and updated, but not every health organization can afford that while trying to keep costs down to provide the care...

    • JudaZuk

      In reply to ivarh:

      There are a lot of things to do .. replace them... throw the old things out .. or at least secure it the best you can ..

    • jrswarr

      In reply to ivarh:

      Yes - I agree this is a problem. The other problem is that update can also break medical software - so updates need to be carefully tested to ensure that these devices still work. But many hospitals have a meager IT staff - so many updates are just plain never applied out of fear of rendering critical devices useless - or even worse - dangerous.

  3. red.radar

    If you have a good backup strategy this should only be annoying and not catastrophic.

  4. George Rae

    At least the malware author installed a kill switch, that has been discovered, to stop activation on new infected machines. That's an interesting twist to motivation for this.

  5. Alexander Rothacker

    It's like Slammer all over again. A patch for SQL Server was released long before Slammer ever hit, but it still spread like wildfire, because of the 'I don't patch' attitude. Drives me crazy.

    And commercial entities and especially hospitals, still using XP is nothing short of negligent.

    • ndwilder

      In reply to Alexander Rothacker:

      If the security issue didn't exist in the first place, it wouldn't be a big deal is the reality.

      • JudaZuk

        In reply to ndwilder:

        so if computers didn't exist this would not be a problem you say? All software have some issues... a lot of them have just not been found yet.. some can impose a risk.

        This is hardly a Microsoft or Windows thing ... the NSA stash contained tools that could attack vulnerabilities in all systems , and when it got known .. the vulnerabilities got patched in all supported systems almost immediately.

    • Narg

      In reply to Alexander Rothacker:

      You just have to chuckle, go back in the Thurrott articles on Windows 10 "forced updates" and read all those folks complaining about updates. They are the ones I'm sure that will suffer from these kinds of issues.

  6. matsan

    Looking at this with non-US eyes makes me wonder if a) the backdoor was ordered by NSA and not patched by Microsoft until the backdoor was leaked or b) the NSA kept the backdoor a secret for Microsoft so they could use it when they wanted.

    Regardless - my next computer will run Linux.

    • JudaZuk

      In reply to matsan:

      I guess you missed all the undisclosed vulnerabilities involving Linux that NSA had stockpiled in the same leak that contained the Windows vulnerabilities... and just like Microsoft did with Windows, they patched it ... but if you run an old Linux based system out of support, it did not get fixed, just like Windows XP didn't (except for the companies that paid for extended XP support, I suspect they got a fix, just like Windows XP embedded that has support for a few more years)

    • Narg

      In reply to matsan:

      Linux is just as full of bugs as any OS these days...

  7. Darmok N Jalad

    The real surprise was that they also patched XP!

    • normcf

      In reply to Darmok N Jalad:

      I believe microsoft has been creating XP patches for certain government entities willing to pay, but not sending them out to the world. I think they just needed to let one out.

    • SmithPM

      In reply to Darmok N Jalad:

      A classic case of shutting the barn door after the horse has run away.

      I have an old computer (for running old software) which has XP still on it (it has very little RAM) and the patch is not much use as for the last several months (probably as a result of Microsoft screwing around with Update since the release of Windows 10) whenever Update starts to run it goes into a loop with a svchost process consuming all available CPU resources.

  8. cheetahdriver

    The New York Times has an Op Ed from an Assistant Professor at UNC on this. It demonstrates quite a bit of absolute ignorance of how the world works. She says a number of foolish things in this article (it's worth reading), among which that MS should be supporting XP for free instead of charging for people who would like the privilege of running a 16 year old operating system. At what point should this stop? Should MS be forced to upgrade Win95 for free still (or at all)? I still have multiple systems that run 95/98/xp, because I am required to work with equipment that use these operating systems. For the most part, this equipment is airgapped at my customers (it is certainly my strong recommendation to do so), and if it is connected to the internet, well they pretty much get what they asked for.

    The author also puts forward some of the standard FUD about Win10 being spyware, and complains (with some reason) about constantly changing interfaces in upgrades. So Microsoft gets (rightly in my view) blamed for the Win10 upgrade fiasco, but yet at the same time is to blame because people didn't upgrade their systems, or had legacy software/hardware attached to the internet with a broad attack surface available.

    The professor then advocates a more governmental regulatory system for operating systems(to keep us safe). If you thought Win10 was insecure now, wait until the USG gets through with it.

    It really is one of the more foolish op-eds that has come out of the times in recent history, and demonstrates a propensity for governmental regulation that is astounding to me. The end user has some responsibilities, and if the UK system can't afford to properly run their IT departments, that's on the UK government, not MS.

  9. Narg

    Microsoft warned against using SMB last year...

  10. YouWereWarned

    I wonder how many of the huge number of machines in China that were hit were running pirated XP?

    Microsoft gets sweet revenge via blackhats....

  11. John Scott

    The end user is the biggest threat to a PC. When you think about how these critical systems in health care get attacked because they are running Windows XP. Something is seriously wrong with our health care technology.

  12. ndwilder

    Dear MS, Your Windows Trusted Computing initiative apparently died, or you have still not given the proper resources to the internal teams for Secure Computing to exist. How long did the NSA leverage that weakness before you decided to fix it? Not until the NSA knew their toolkit was leaked...coincidence. How dare you blame others for your own faulty and security issue ridden software. YOU hooked your browser and office products into the OS causing how many issues for how many years? Heard of sandboxing? You don't get to stand on a soapbox and blame others for your poorly written, and definitely not QA tested software. MS leverages customers and die hards to test their software for very little reward. You should have a division dedicated to hacking your products and proactively fixing them. How many times does a third party have to discover problems with your code? How bloated is your code due to Adobe's file layout? Shut up, and quit telling us we're holding the phone wrong. Seriously.

    You want to be a WaaS, leverage the cloud, etc? Then take it seriously or get out of the business. Pay black and white hats to hack your systems, pay more than the competition (criminals), you have the cash.



    • JudaZuk

      In reply to ndwilder:

      "How long did the NSA leverage that weakness before you decided to fix it" How are they supposed to fix something they do not know about?? Unless you missed it, the NSA tool kit that got leaked a few weeks ago contained unknown vulnerabilities for Windows, MacOS and Linux... and iOS and Android

      All patched the vulnerabilities when they found out about them .. Apple, Microsoft etc.

      Computers affected now are unsupported versions of Windows... and guess what .. Linux kernel from before 2013 is not getting any support either..

      All systems were affected and Microsoft is absolutely correct in calling out the dangers with stockpiling and abusing vulnerabilities by shady government agencies, just as Apple was right in refusing to help CIA with decrypting iPhones and adding backdoors.

      There is not a single system that does not have some vulnerability somewhere.. and you can test things over and over...there will always at some point be someone that finds a problem anyway and might abuse it.

  13. Mr_MDavis


    With all of the finger pointing going around as to whose fault this is, hackers, NSA, Microsoft, users, I hope that we do not miss the lesson that we should really be learning from this event. Which is: "Backdoors do NOT work", and this event is a great example of it.

    This is true in OS's and for the same reasons it is true for encryption. In this particular case it was the NSA that found/created a backdoor into the affected OS's (no fault here as this is what they do). This is the same NSA that would presumably be the ones entrusted with encryption back door keys because if anyone knows how to keep a secret, or how to protect themselves from internet hacking it is the NSA. Yet here we see that they failed and the "keys" to this backdoor escaped into the wild where hackers (bad guys) are able to use them against the public for ill-gotten gain (which is what they do).

    The same of course will occur if encryption backdoor "keys" ever escape out into the wild. Now some might claim that if this occurred patches could be issued to close the exposed backdoor, but as we can see from this event that this is not always the case. There are actually many legitimate reasons as to why people may not be able to install or use those patches, thus once again leaving many people exposed to hackers attacking them, bank accounts, and so on, perhaps creating even more harm than attacking people's personal computers directly.

  14. compmunkey

    The two most common reasons I see that small businesses and home users not staying current on their updates: 1. Past problem with an update gone bad that caused them serious problems. or 2. One of those horrible "Windows update failed" problems that can be extremely difficult to diagnose and repair. They aren't usually going to call a professional to help them unless the update failure is preventing them from doing something important like install the latest version of Quickbooks etc.

    Ironically, the longer you go without the updates after one or more fails, the harder it is to fix that issue.

  15. bradster62

    I'm not a sysadmin. My systems are updated. But how can I tell if the MS17-010 vulnerability is patched on my system (Version 10.0.15063 Build 15063)? When did windows update apply this patch?

  16. dstrauss

    "To prevent this attack from succeeding, all you have to do is keep your PC up-to-date: This vulnerability was fixed two months ago. And Microsoft, in an unprecedented move, is even patching Windows XP, which is no longer supported. (Talk about not keeping your PC up-to-date.)"

    I'm in the medical or manufacturing fields, and our office keeps things up to date, but have you been to a doctor's office or hospital lately - XP and Windows 7 is EVERYWHERE in highly specialized devices - no wonder they took the brunt of the hit, and for Microsoft and commentators to take cheap shots at institutions for not upgrading equipment that works perfectly well for medical testing purposes is insane - same goes for manufacturing - what other industry gets away with just saying "throw it away and upgrade to our newest shiniest product?"

    • jimchamplin

      In reply to dstrauss:

      Then the manufacturers of the equipment need to be held responsible. They shouldn't design a system that can't receive security updates if the damn thing has to be connected. Does a general-purpose desktop OS actually make sense for a machine that does one thing? No. No it doesn't.

      This really needs to be put on the makers of these life-saving machines and they should be forced to change how they do business.

    • JudaZuk

      In reply to dstrauss:

      "XP and Windows 7 is EVERYWHERE in highly specialized devices" Well first off, Windows 7 is still under support and was patched. Windows 7 computers were not affected, as long as they were updated. Windows XP Embedded is actually also still supported.

      Secondly , If you run a hospital.. you better be damn sure your vital systems are secured properly .. vital systems should first off never ever be connected in anyway to the Internet ... firewall or not , they should be siloed off.

      Special life support machines, do they need to check e-mail or update the Facebook status?.. no . And computers should never be able to talk directly to each other.. so if one computer ever gets infected it can not spread it directly to others in the network..

      VLAN and protected ports,, it is not that hard really

      There are many ways to protect your systems if you know you have unsupported but vital software your whole business is dependent on.. and if your business is saving lives, it is more important than ever.

      and the search for a replacement for unsupported systems should be always going..

      what did the hospitals in UK do ... they had an extended agreement to get updates for Windows XP after official support ended.. .. but then they cancelled it in 2015 ..good call .. *Sigh*

      " for Microsoft and commentators to take cheap shots at institutions for not upgrading equipment that works perfectly well for medical testing purposes is insane" no it is not insane .. and the comments so far have been far too tame.. .. It does not matter if it "works perfectly well for medical testing purposes" .. if it is not secure, and not only risks patient information and privacy, but also possibly their lives.

      Responsible people should be put in jail for not securing the lives and security of their patients because they willingly and knowingly choose to take a gamble to save a buck..

      Not really any difference to them and a contractor building a 50 story apartment building in an earthquake zone, and mixing in too much sand in the concrete, and only use half of the steel reinforcement to build it cheaper. The house was finished on time, and for a great price, and it works fine right now .. why are you taking cheap shots at me now when 200 people died when the building fell down.. worked perfectly fine when I left it . ?

    • cheetahdriver

      In reply to dstrauss:

      I have numerous customers using XP (and NT, and 98 and 95) in industrial settings. The difference is that all of these industrial machines are airgapped. Even the ones that are networked are on intranets that are airgapped from the web. If you are presenting an attack surface to the WWW, then you pretty much are asking for it using non-upgraded software. If you aren't attached to the WWW, then you can be using FORTRAN IV without issue.

  17. mike2k

    Patching unsupported OS's does nothing but allow people still running them, to keep on running them. Stop it MS!

    • Ezzy Black

      In reply to mike2k:

      I tend to agree with you. Ars had a distribution by country. So why are so many computers affected in places like Russia, China, and Indonesia? They're still using millions of pirated copies of Windows XP. I'd let them deal with it.

  18. ponsaelius

    The reason why they are patching XP is because the UK NHS has a lot of XP computers still working.

    I am in the UK. I have no sympathy with this stupidity. They have the licenses to upgrade but some legacy clinical systems needed IE versions that only work on XP. Crazy stuff.

  19. MikeGalos

    Netmarketshare says that 7% of systems worldwide are vulnerable. That any large, managed systems are on that list is negligence by their administrators to the point of being dangerously or even criminally incompetent.

    There used to be a national agency in the UK, btw, that was responsible for handling security of computer systems in their health system. The agency was killed off in 2014 in a government spending cut and the responsibility, but not the funds to actually carry out the security, was passed down to the individual hospitals who had to choose how much money to take out of existing patient care to spend on security. Yesterday the UK learned the cost of pretending that computer maintenance and security wasn't worth spending on.

    • skane2600

      In reply to MikeGalos:

      Yes, Penny Wise and Pound Foolish seems to be the pattern when it comes to government spending these days. Of course, in the US military spending has the opposite problem - nearly unlimited money to fund "defense" systems that are never going to work. The problem is a contractor can still make a ton of money developing a system whether it works or not.

  20. MikeCerm

    This ransomware can be removed using the same general steps as all other ransomware. Reboot to Safe Mode, check all auto-run entries for suspicious executables, check AppData, ProgramData, Program Files (etc.) for unknown executables. Then run something like Malwarebytes.

    The method that it spreads is new among ransomware, but once it's there it acts like other ransomware and can be removed just as easily.

    • evox81

      In reply to MikeCerm:

      Did you fail to read the article? This malware encrypts all of the content of your hard drive. Sure, you can get rid of the program itself, but then all of your stuff is encrypted and unusable. Your suggestion is the equivalent of saying "just format your hard drive and reinstall Windows". Sure, that solves the malware problem, but all of your stuff is still gone.

    • Darmok N Jalad

      In reply to MikeCerm:

      I guess the problem here would be that it encrypts the files. If you remove the program that encrypted them, won't that also mean you removed the only program that can restore them? If you have backups and you don't need to recover the files, I'd probably prefer a clean start just to be sure I didn't miss anything else they may have done.

  21. rameshthanikodi

    It seems like things go wrong whenever an IT administrator interferes with security.

  22. Waethorn

    Hackers? Or Microsoft false flag to push Windows Store apps and Windows 10 S?

  23. brettscoast

    There is a clear resounding message for everyone with this ransomware attack: back up your critical data regularly and yes, install any security updates immediately. If your files are encrypted, and that will include data in your onedrive/dropbox account connected to the PC, external usb hard drives, you are pretty well screwed. The only option you will have is to reformat your system, complete reinstall of windows programs/apps etc. It's a harsh lesson.

    • dhallman

      In reply to brettscoast: In our case onedrive files were not affected. It concerned me that the local files, once alerted, could have automatically overwritten the cloud storage - but the altered files were renamed so the backups were safe. Our attack was on the same day, but a variant of the attacks seen in the screenshots on this site and in the news. So others may not be able to rely on my experience. And future attacks may adapt to this simple protection plan. I am rethinking a more reliable solution going forward...

  24. Bart

    MS should send out the XP fix as Ransomware. Unlock your PC if you upgrade to Windows 10

  25. dhallman

    We were hit by this. Not because we were not updated. Everything was on Windows 10 Creators Update with all the latest service packs. I expect they used a remote access port I had opened on the router for use when I was off property or on vacation and then found out I had setup a simple user access for use by networked systems that were running POS off the reception system. My fault. I left all this available. The good news is I keep everything backed up daily. So I just wiped and restored from UEFI, installed Creators update from a USB I keep handy, downloaded my applications from cloud storage and restored the backups. The process was simple enough. But the task was slow. 6 hours slow - not a day or two as some will be experiencing. Of course I closed the remote port and will only use as required and not leave it open. And all passwords were changed, with networked systems now connecting by saved secure credentials. As the last time I had a similar issue was because of a lightning strike I have decided to keep a clone of this system on hand. In the future I will just have to swap out, install updates and recover backups. I should also set a biannual reminder to power up the system to install updates to ensure recovery is quicker...

    • Delmont

      In reply to dhallman:

      Jesus, I'm glad you don't support I.T. where I work. You'd be fired with this mess of a story.

      • ndwilder

        In reply to Delmont:

        Firing IT staff sounds great, try it sometime, and see how much knowledge you just lost, factor in the cost of turnover and actually finding a good replacement. Everyone makes mistakes, it's learning from the mistakes and not repeating them that should be focused on.

      • Narg

        In reply to Delmont:

        Retail IT is plagued by shortage of the money needed to keep up to date. If you worked for such a type of business, you'd understand why you have outdated systems. PCI is pretty much a failure. The banks attempted to force the security they should have had in place onto the retailer. It's still less than 50% implemented (in part, far less in total) Banks could solve PCI far easier and faster, but they still force the costs to businesses that can't afford it, or push that cost onto their customers.

    • Alexander Rothacker

      In reply to dhallman:
      "I expect they used a remote access port I had opened on the router for use when I was off property or on vacation and then found out I had setup a simple user access for use by networked systems that were running POS off the reception system."

      If you are accepting credit cards on that POS system, then you are/were in violation of PCI and any CC fraud happening would be on you.

      I've seen other instances of this malware attacking through RDP.

  26. SvenJ

    Wanted to point out that the genesis of this ransomware was NSA discovered exploits, leaked or stolen, and then published. MS did a great job at getting these things patched, and I'm not pointing fingers, except at the irresponsible parties that published the exploits. My point was to think about this in the context of built in backdoors to encryption that some government agencies are after. If it exists, it will get out, and at that point we are all screwed, including the government agencies. I'm not thinking about this from the point of my privacy, or even the integrity of the people who may use it responsibly, but from the point of view of it falling into the wrong hands. We know that has happened and will again.

    • matsan

      In reply to SvenJ:

      I can not understand why you think the people publishing the exploits are the ones to blame. If they wouldn't have published, nsa would still have access to anyone's computer based on their whim. Now someone took that exploit and added a ransomware instead of a remote control tool from nsa or fbi.

      • Jules Wombat

        In reply to matsan:

        The NSA held on, and exploited these vulnerabilities for two years, before it was discovered and notified to Microsoft, who responded reasonably quickly. The NSA are coming out of this very ugly, I hope they get the $ Bill.

        It's very arrogant to blame the users not to have upgraded their systems. Microsoft only patched a month or so back, and now our National Health Services is in crisis, and many other Government institutions, paid by tax payers. Those government institutions don't have the necessary funding to keep upgrading/patching their networks, which in itself is a type of ransomware. Microsoft should have at least been more active with their premier customers, hoping they are helping sort this mess out.

        Hard lesson learnt, don't rely upon networked or cloud backups, get back to periodic physical backups.

      • skane2600

        In reply to matsan:

        It depends. If the NSA went looking for these vulnerabilities with the intent to take advantage of them that would be quite different than trying to do a public service. There's no guarantee that just because one group or individual discovered a flaw, that others will find it as well ( a number of flaws went undiscovered for a decade even with the source code available).

        So it's really a balance of risk - the risk of a 3rd party exploiting an unreported flaw vs the risk of a 3rd party exploiting a reported flaw that they wouldn't have known about otherwise. I imagine that some vulnerability hunters aren't always motivated strictly for the greater good but would like to get credit for their discoveries ASAP.

  27. mortarm

    >...WannaCrypt, targets the security vulnerability that was fixed by that update and