WannaCry: indictment of affected businesses and organizations

Commentary: The WannaCry attack mainly affected the British National Health Service (NHS). As a result of the attack, people could no longer be treated because medical staff no longer had access to patient records. That could have been prevented if the responsible decision-makers took vulnerabilities more seriously.

WannaCry has infected more than 180,000 PCs according to the current count (screenshot: ZDNet.de)

According to UK Home Secretary Amber Rudd, numerous workstations at the authority run Windows XP. The operating system, released in 2001, has not been supported by Microsoft with security updates since 2014. Incidentally, neither Linux nor Mac OS offers support for that long. Companies and authorities could still extend XP support. However, that initially cost $200 per computer per year. Microsoft raised the fee to $400 a year later.

Windows XP: paid support extension

Authorities and enterprises in this country also took up the offer of paid support for Windows XP. The German Bundestag, for example, transferred nearly 120,000 euros to Microsoft for this purpose. In the Netherlands, the government even paid several million euros for the support extension until January 2015.

The British government concluded a similar deal with the Redmond software company. It paid at least 5.6 million pounds (6.5 million euros) a year for the support extension. This covered security updates not just for Windows XP but also for Office 2003 and Exchange Server 2003. The United Kingdom said at the time that it wanted to migrate all public-sector computers by April 2015. That apparently failed.

Whether paid support for Windows XP is still available is unclear. What does seem clear, however, is that the affected organizations did not install security patches on their computers. Only because of that could WannaCry spread so quickly. Once a PC is infected with WannaCry, for example through a phishing email, the malicious code spreads via the Windows vulnerabilities (CVE-2017-0144) that the NSA discovered and kept secret for many years. Microsoft had already closed the gaps in March, including for the Windows XP-based Windows Embedded POSReady 2009, for which the company delivers security updates until April 2019. In April, it became known that the NSA tools exploiting these vulnerabilities had been put into circulation by cybercriminals.

Security update KB4012596 for Windows XP (image: Microsoft). With a simple registry hack, the update that fixes the SMB vulnerability used in the WannaCry attack, available since March for Windows Embedded POSReady 2009, could also be installed on XP machines (image: ZDNet.de).

A lack of security awareness

Microsoft announced the end of support for Windows XP years in advance. Companies and home users alike therefore had a very long time to prepare. Nevertheless, the warnings seem to have had no effect on many leaders in business and government. After all, it was possible to officially extend XP support so that the systems in question continued to receive security updates. That this option was not used is negligent. Even if this option no longer exists, which is currently unclear, those responsible in the organizations must be asked how they justify the risk of operating unprotected PC systems.

In the case of the NHS, this has probably even put human lives in danger. A lack of money should certainly play no role in the security of critical infrastructure. And this might also be the reason. After all, Deutsche Bahn, which was also affected by WannaCry in Germany, is building an underground station in Stuttgart for several billion euros. There should be enough money available for a few modern and secure PCs as well. Or are prestige buildings more important than security?

In light of the damage potential of IT vulnerabilities, which grows even greater with advancing digitization and other developments such as IoT and Industry 4.0, the topic of security must gain strategic relevance in companies. In addition, governments should ensure that their intelligence services do not keep the vulnerabilities they find to themselves but report them to the manufacturer. It would also be useful to teach people, starting in school, not to click on every link or attachment.

P.S.: Last but not least, a note that a simple registry trick can persuade Microsoft to continue providing security updates for Windows XP. These are not officially intended for the desktop version of the operating system but for the XP-based Windows Embedded POSReady 2009. On the editorial test computer, however, this has worked properly since the end of Windows XP support in 2014.

End of Windows support (screenshot: ZDNet.de). Microsoft announced the 2014 end of support for Windows XP years in advance. Nevertheless, in 2017 corporations and organizations are still using the operating system released in 2001, although it is not protected against current threats (screenshot: ZDNet.de).
