Microsoft confirms that “WannaCrypt” uses an NSA exploit

Microsoft confirms that

Microsoft confirms that “WannaCrypt” uses an NSA exploit

 
Microsoft has confirmed that “WannaCrypt” uses an NSA exploit, calling once again for a “Digital Geneva Convention” to prevent nation states from stockpiling such vulnerabilities to exploit users or to sell to others. 
 
For those who are unaware, “WannaCrypt” is a malicious ransomware tool that has quickly spread globally to users of older OS’ like Windows XP and unpatched version of Windows 7 that are not entirely updated. This issue was patched for OS’ within mainstream support on March 14th, one month before the exploit was stolen from the NSA and leaked online. Thankfully Windows 10 was never affected by this issue, so those who updated to the new OS should be safe. 
 
This exploit has infected PCs all over the world, infecting a large number of PCs within several industries, including hospitals. This should act as a huge warning for those using older systems, as well as a warning to governments that have unwittingly helped criminal enterprises by not reporting this issue to Microsoft earlier and allowed this exploit to be stolen and leaked in the first place. 
 
In response to this situation, Microsoft has created patches for several older operating systems that are not officially supported, including Windows Server 2003, Windows XP and Windows 8 (Windows 8.1 is already patched). These updates are available to download here from Microsoft directly.  

 

Microsoft confirms that

 

Two lessons can be learned from this event, first that you should never be using an OS that is outside of mainstream support, as they have no defence from these kinds of exploits, and secondly, that government agencies should be reporting these issues to prevent such a catastrophe from happening in the future.    

The National Security Agency of the USA has unwittingly caused consumers, businesses and even hospitals all over the world to become victims of ransomware. This has no doubt cost those affected a lot of money, due to both delays and the time and effort required to fix affected hardware. 

This is a continuing trend from the US where exploits and vulnerabilities discovered by US agencies are leaking online and are causing widespread damage across the world. There is no question now that today some of the biggest threats to cyber security are nations and not just criminal enterprises.    

 

You can join the discussion on Microsoft’s confirmation that “WannaCrypt” uses an NSA found exploit on the OC3D Forums.