How do patches work? Could the Microsoft patch have stopped WannaCryptor? All your questions answered.
Three years after Microsoft said it was ending support for Windows XP, it announced on May 12th 2017 that it was issuing a security update for the operating system, as well as Windows 8.0 and Windows Server 2003, both of which are in custom support only. That’s two months after the same patch was released for supported versions of Windows.
The reason was all too clear. Earlier that day, cybercriminals launched a ransomware attack that exploited vulnerabilities in these older systems. WannaCryptor – aka WannaCry – was global in scope, affecting organizations in some 150 countries. Something out of the ordinary had to be done.
“We are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only,” Phillip Misner, Principal Security Group Manager at Microsoft Security Response Center, said at the time.
“Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful.”
The security update was an example of patching, a term yet unknown to many, but extremely commonplace and well understood by the infosec community. In this feature, we answer key questions about patches.
What is a patch?
First things first. If you’ve ever had to fix a puncture in a bike tyre, you’re halfway there to understanding the concept of a patch. In the context of security, “patches” are issued by companies when security flaws are uncovered.
By way of a more specific definition, a security patch is an update to a piece of software or program to fix a bug or vulnerability, as well as a way to improve it. The same concept as taping up a hole in a tyre, but in the digital world.
What’s the difference between a patch and a security update?
All patches are updates, but not all updates are patches. Whereas patches are used within the context of fixing something specific, security updates are implemented for general security purposes rather than, for example, targeting a particular type of malware or vulnerability.
Could Microsoft have stopped WannaCryptor?
While it’s important to be clear that Microsoft does not accept responsibility for the ransomware’s spread, the patch it issued in March only protected “newer Windows systems and computers that had enabled Windows Update”.
In defense of the tech giant, the original patch was not installed by many organizations. The FT reported that Microsoft’s Phillip Misner claims the patch released in March “would have protected users against WannaCryptor, provided they installed the fix on their machines”.
The fact it was necessary to launch a new patch for unsupported versions of its operating system may speak for itself, but it is indisputable that we as individuals need to take responsibility ourselves for installing updates when we can.
How can I install a patch?
Installing an update to prevent an attack is the easy part. Here are three ways you can make sure your security is as watertight as possible:
- ESET has a free tool to make sure the Windows vulnerabilities exploited by WannaCryptor are patched.
- Microsoft users should head to this link to download and install relevant updates.
- If you fall victim to a cyberattack and need to remove malware, try using this tool provided by Microsoft.
Can patches stop the spread of a ransomware attack?
Patches can help stop malware from spreading, but they aren’t guaranteed to prevent or halt a cyberattack.
One of the main challenges firms often experience during an attack is that they lack the capacity to apply patches quickly to a high number of machines, because they can’t allow their machines to be out of action for a prolonged amount of time.
However, it may be mildly reassuring to know that the attackers made errors that allowed this malware to be stifled, limiting its already significant damage … but we won’t always be so fortunate.
So, are we safe now?
The WannaCryptor virus is not about to miraculously evaporate into a thin mist. One recent flare-up saw it preventing speeding drivers in Australia from being fined. The malware was accidentally uploaded to the camera network, affecting 55 traffic cameras.
Less user-friendly and far more dangerous, a more recent global attack displayed similar traits to WannaCryptor, as the malware in both attacks identified and exploited the same weaknesses.
It targeted the Ukranian government, as well as banks and hospitals in the country, and also, more globally, affected the shipping company Maersk in Denmark, and advertising company WPP in the UK. But unlike WannaCryptor, disconcertingly, the attack brought with it an element of mystery: one week later, experts were “still not entirely clear why it happened, or who was behind it”.
Brad Smith, Microsoft’s President and Chief Legal Officer, wrote: “As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems.”
This simply highlights the importance of staying vigilant and taking responsibility. It’s imperative to take heed of Smith’s advice. Update your Windows machines, install a security solution, make backups often and keep at least one of them offline, change your passwords, beware of phishing emails and implement two-factor authentication. It’s only by a concentrated effort en-masse that we can defeat the next variant of WannaCryptor, or indeed any other threat.