Earlier this weekend, hospitals in the United Kingdom as well as Telefonica, FedEx and other businesses were hit by a significant ransomware attack that compromised more than 75,000 computers in over 99 countries across the globe. The malware has been identified as WannaCry. It encrypts the affected computer and then requires the owner to pay a $300 ransom before it can be unlocked again. It spread so quickly because of a bug in some old versions of Windows that was originally used by the NSA to hack into PCs. Microsoft has quickly been issuing fixes to contain the situation.
Microsoft prioritized sending out fixes for the latest versions of Windows, which meant that users on legacy versions were left without adequate protection. Most of the machines that ended up being compromised were running older versions that hadn’t received the patch yet.
The company says that it’s now taking a “highly unusual” step by releasing public patches for Windows versions that are in custom support only. It has released specific patches for Windows XP, Windows 8, and Windows Server 2003.
“Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful,” said Philip Misner, a security group manager at Microsoft, adding that “Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only.”