Following the massive Wana Decrypt0r ransomware outbreak from yesterday afternoon, Microsoft has released an out-of-bound patch for older operating systems to protect them against Wana Decrypt0r's self-spreading mechanism.
Wannacry Windows 10 Patch Download Kb4012606
The operating systems are Windows XP, Windows 8, and Windows Server 2003. These are old operating systems that Microsoft stopped supporting years before and did not receive a fix for the SMBv1 exploit that the Wana Decrypt0r ransomware used yesterday as a self-spreading mechanism.
That mechanism is a modified version of the ETERNALBLUE exploit, an alleged NSA hacking tool leaked last month by a group known as The Shadow Brokers.
The patch that came out with Windows Updates in March supports Windows 8.1. There are links to manually downloading the patch KB4012598 for Windows 8 (Doesn't mention embedded) but they don't install. I want to download the patch for x64 Windows 10 for wannacry. It is definitely a 64 bit computer. When I run the update it is returning an error message which states.
Those who have Windows Update enabled are protected against attacks on this vulnerability. Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, Windows 8 x64. Download localized language. Tags cyberattacks Microsoft Windows ransomware Security Update wannacry.
Original MS17-010 patch didn't include XP/Win8 fixes
Microsoft had released a fix for that exploit a month before, in March, in security bulletin MS17-010. That security bulletin only included fixes for Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012, and Windows Server 2016.
As the SMBv1 is a protocol that comes built-in with all Windows versions, the computers which did not receive MS17-010 remained vulnerable to exploitation via Wana Decrypt0r's self-spreading package.
'Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download,' Microsoft said in a statement. 'This decision was made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind.'
Researchers believe that Wana Decrypt0r — also referenced online as WCry, WannaCry, WannaCrypt, and WanaCrypt0r — infected over 141,000 computers.
While unconfirmed, many believe older Windows XP and Windows Server versions were the bulk of the infections pool, as they had no way to protect themselves.
Wanna Cry Windows 8 Patch
Patch systems and disable SMBv1 where possible
Besides installing these out-of-band updates — available for download from here — Microsoft also advises companies and users to disable the SMBv1 protocol, as it's an old and outdated protocol, already superseded by newer versions, such as SMBv2 and SMBv3.
The current Wana Decrypt0r outbreak has been stopped last night after a security researcher found a kill switch. This is only temporary, as the attackers could release a new version of this threat. This is why patching the SMBv1 exploit is a better solution.
For those affected, you can discuss this ransomware and receive support in the dedicated WanaCrypt0r & Wana Decrypt0r Help & Support Topic. Bleeping Computer also published a technical analysis of the Wana Decrypt0r ransomware.
Related Articles:
Since Windows 10 would normally have installed this patch when it was first released in March 2017, it's most likely that the 2nd cause listed in the Microsoft Support article excerpt below applies.
This particular update only typically needs to be manually installed on older, unsupported Windows operating system versions such as Windows XP, 8.0 or in the less common case where the Windows Updates have been failing to install properly.
To determine whether this is the case, you may view the installed updates by following the method for your specific operating system version found in this Windows Update: FAQ article under the section heading titled; How do I see installed updates on my PC?
Note that the item listed that includes the update for Windows 10 originally would have been the Cumulative Update dated March 14, 2017—KB4013429. However, this would likely also have been superseded and so replaced by either a later cumulative update or the Creators Update by now, since these include all previously delivered updates.
For either Windows 7 or 8.1, it would have been included in the March 2017 Security Monthly Quality Rollup for that specific version of Windows, typically installed on or shortly after the March 14th release date.
Rob
The most common reasons for this error are described in the following table:
Wannacry Patch Download
Cause number | Cause | Explanation |
---|---|---|
1 | Update is superseded | As updates for a component are released, the updated component will supersede an older component that is already on the system. When this occurs, the previous update is marked as superseded. If the update that you're trying to install already has a newer version of the payload on your system, you may encounter this error message. |
2 | Update is already installed | If the update that you're trying to install was previously installed, for example, by another update that carried the same payload, you may encounter this error message. |
3 | Wrong update for architecture | Updates are published by CPU architecture. If the update that you're trying to install does not match the architecture for your CPU, you may encounter this error message. |
4 | Missing prerequisite update | Some updates require a prerequisite update before they can be applied to a system. If you are missing a prerequisite update, you may encounter this error message. For example, KB 2919355 must be installed on Windows 8.1 and Windows Server 2012 R2 computers before many of the updates that were released after April 2014 can be installed. |