Patching Windows XP against WannaCry ransomware

Credit to Author: Michael Horowitz| Date: Sun, 14 May 2017 12:56:00 -0700

Microsoft just released a patch for Windows XP that fixes a file sharing flaw being exploited by the WannaCry ransomware. Here’s how to install it. 

You can download some versions of the patch using links at the bottom of this May 12th  Microsoft article: Customer Guidance for WannaCrypt attacks. The full list of patch variants, including languages other than English, is in the Windows Catalog, just search for KB4012598. Windows Update does not work on XP.

For an x86 machine with Service Pack 3 installed, the downloaded file name is 

windowsxp-kb4012598-x86-custom-enu_eceb7d5023bbb23c0dc633e46b9c2f14fa6ee9dd.exe

I know, its looks like malware itself. The file is small, only 665K. Logon as an Administrator and, for good luck, make a Restore Point first thing.

To see if System Restore is enabled, right click on My Computer, get the Properties and go to the System Restore tab. To actually make the Restore Point, go to Start -> Programs -> Accessories -> System Tools -> System Restore.

The installation process is simple.

1. Wizard warns you to backup your system and close all open programs
2. Then you have to agree to a license
3. Installing the patch takes only a few seconds, even on old hardware. It first asks you to wait while it “inspects your current configuration, archives your current files and updates your files.” Then it makes a restore point. 
4. When its all done, it wants you to reboot

After rebooting, you can verify that the patch was correctly installed using Add or Remove Programs in the Control Panel. You first need to turn on the checkbox to “Show updates.” Then scroll down looking for the “Windows XP – Software updates” section. It should be huge.

In this section, look for “Security Update for Windows XP (KB4012598)” with the current date as the date installed. Considering this is Windows XP, the installation date should stick out like a sore thumb. On two machines that I tested, it was, fortunately, the last entry in the list.

The fix applies to the file sharing component of Windows (Server Message Block or SMB) and thus prevents an XP machine from being infected over a LAN (Local Area Network). However, it would not protect an XP machine that was attacked another way, via email, for example.

I checked around (here and here) and Microsoft has not issued an update to their free anti-malware software, Security Essentials, for Windows XP. When XP went off support, it was denied access to Security Essentials. Thus, XP machines remain vulnerable to WannaCry, just not via file sharing on a LAN.

To fully protect an XP machine requires a third party antivirus product. Lotsa luck with that.

BitDefender bragged today that they can protect against WannaCry, but they do not support Windows XP. Neither does Avira, Trend Micro or F-Secure. Kaspersky still supports XP, but their website says nothing about WannaCry. 

So, yes, Microsoft released a patch for Windows XP. But now you know the rest of the story. 

FEEDBACK
Get in touch with me privately by email at my full name at Gmail. Public comments can be directed to me on twitter at @defensivecomput

http://www.computerworld.com/category/security/index.rss