Microsoft has been working to issue patches in light of the large scale ransomware attack that affected some 99 countries yesterday. Blog here: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
Commenting on the move is security expert Andrew Clarke, EMEA director for One Identity:
“This is an unusual move by Microsoft and serves to demonstrate the seriousness of this type of attack. In an update blog Microsoft declared, “Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003.” IT teams with these type of platforms need to act quickly and implement the update to enable them to operate safely next week.
With hindsight, this incident stresses the importance of continual risk assessments of an organisation’s business operations; from fundamental patch management to wider issues that consider access. It re-enforce the significance of getting Identity and Access Management right, as it was only a matter of time before an attack happened on this large of a scale to take advantage of those organisations who haven’t taken this critical step.”
And Andreas Kuehlmann, Senior Vice President and General Manager at Synopsys also weighed in:
“The WannaCry ransomware outbreak is a wakeup call for the world. It highlights not only our interconnectedness and deep-seated dependence on technology, but the massive challenge we face in securing the ecosystem of software and systems we rely on. Software is not just eating the world—it is the world we live in today. Motivated attackers—whether they are criminals, activists, or nation states—continue to find ways to exploit vulnerabilities in software to serve their own agendas. That is why the security and quality of software is so important in the current operating landscape. Forward-thinking organizations know that they must be able to account for the integrity of every piece of software that is exposed to the Internet.
“Patches for the underlying vulnerabilities exploited by WannaCry have been available for nearly two months, yet numerous organizations have fallen victim to these attacks because they failed to apply the patches in a timely manner or were using legacy systems that could not be patched. Cybersecurity is not just a matter of technology; it is an organizational challenge that needs to be addressed holistically. It requires a fundamental shift in the way we design, develop and deploy technology throughout its entire lifecycle and how we understand and manage risk throughout the software supply chain.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.