Microsoft announced that, along with the typical security patch bundle that Windows users were already expecting today, it will also release additional security updates meant to protect against sophisticated nation-state attackers and against the WannaCry ransomware. The company is releasing the updates to all versions of its operating system, including Windows XP, which was no longer supposed to be supported.
Microsoft said that it has added improved defenses against the WannaCry ransomware and similar malware in the latest Windows update. The spread of ransomware is bound to continue to rise, however, because it has proven to be a rather reliable source of income for the malicious actors behind it.
Microsoft and other platform vendors will have no choice but to address the issue of ransomware sooner, rather than later, before ransomware can affect hundreds of millions of devices. The Internet of Things (and that may include connected and self-driving cars) could soon become the next big target for ransomware, because IoT devices typically abide by '90s security practices and don’t tend to be updated for too long by their providers.
Protecting Against Nation-State Actors
WannaCry became one of the most successful ransomware precisely because it used exploits and tools stolen from the NSA, which also means that the NSA may have already been using those same capabilities for many years.
Microsoft itself has called the NSA the main party responsible for the spread of WannaCry because it was the one to create the exploit tools in the first place. As other governments have restarted their war against encryption, WannaCry is an important reminder that there is no such thing as a “good guys’ backdoor.”
If a tool (whether you call it a backdoor or a debugging feature) exists that can give another party remote access, it will eventually be found by the “bad guys,” too. Then, their targets could be anyone or everyone -- as WannaCry showed.
Similarly, Intel’s ME/AMT technology allows enterprise IT administrators to login remotely to a machine and bypass the OS-level security, and a vulnerability has already been found in it. Microsoft also provided a report (opens in new tab) about a nation-state hacking group that's been abusing Intel's AMT technology for years. The technology will likely continue to be abused by hackers for the foreseeable future because not all devices, especially those older than a few years will patch the vulnerability.
Intel may also have to either remove or completely redesign the functionality in a much more secure way to ensure the feature won’t be exploited in future chips, too.
Microsoft said that it identified some vulnerabilities that posed an elevated risk of attacks by government organizations or other sophisticated hacking groups, so it released additional security updates alongside the more common security patches that were supposed to be released this month.
If you have a newer version of Windows that has automatic updates enabled, then you don’t have to do anything. If you’re still on Windows XP you will have to download the updates manually from the Download Center or the Update Catalog.