The WannaCry global ransomware attack that started early this month has spread around the world and infected hundreds of companies both big and small. The ransomware exploits the same vulnerability in practically every version of the Windows operating system. It leverages the EternalBlue Windows exploit that came out of an NSA leak last month and was released on WikiLeaks, highlighting a critical software vulnerability in the Windows Server Message Block (SMB).
Microsoft released a patch (MS17-010) for its supported operating systems on March 14, and, more than 60 days later, organizations that did not patch their Windows systems scrambled to do so. If you have applied the patch for the Windows SMB vulnerability, then you have nothing to worry about. If you haven’t, you’re still at risk for this exploit.
Unbelievably, many companies are still running Windows XP and Windows Server 2003. They couldn’t do anything about WannaCry because these operating systems are unsupported and were not initially covered by the patch. According to NetMarketShare, over 7% of the world’s desktop operating systems are still running the vulnerable version of Windows XP. This means that over 7% of systems connecting to the Internet had no way to be protected from the WannaCry worm, other than to just cut the systems off from the Intranet.
In a highly unusual move that highlighted the global impact of this epidemic, Microsoft released a security patch for these ancient systems. If you are running Windows XP or Windows Server 2003, the first thing you should do is download the patch and install it now. The second thing is to start planning to migrate those systems to Windows 7 or, even better, Windows 10, immediately.
Moving to a modern operating system like Microsoft Windows 10 can be a daunting task if you do not plan accordingly, but there are solutions that can help reduce the pain and automate much of the process. This may be the warning sign that the old way of managing successive Windows versions is just no longer viable or safe. Developing new processes, automating, and streamlining the work of keeping Windows current are projects that are long overdue at most enterprise organizations.
We hear many reasons why organizations don’t keep up with Windows releases:
- Manual processes to migrate Windows consume too many IT resources.
- Legacy application compatibility is an issue holding us back from moving to Windows 10.
- Coordinating security and compliance issues with other teams is difficult.
This sort of unprecedented attack should convince you once and for all that running unsupported software is not an option, and that the effort to rid your infrastructure of it is time well spent. And Windows is just the tip of the iceberg. Software is prolific, and without proper insights, controls and governance over the operating systems that are running your corporate infrastructure, you may just be the next target.
Timothy Davis is a Senior Product Marketing Manager at Flexera Software, and has worked in global marketing at high-tech firms such as BMC Software, VeriSign, McAfee, and Lotus. With over 25 years of experience in enterprise software, he has gained a deep understanding of the business challenges faced by IT organizations in enterprises of all sizes. Specializing in IT Service Management and Operations, Tim develops content that translates product features into real business benefits that help IT leaders learn about new and developing technologies that drive IT efficiency and improve customer satisfaction.