Why the Patching Problem Makes us WannaCry

Over the weekend a cyber attack known as “WannaCry” infected hundreds of computers all over the world with ransomware (malware which encrypts your data until you pay a ransom, usually in Bitcoin). The attack takes advantage of an exploit for Windows known as “EternalBlue” which was in the possession of NSA and, in mid April, was made public by a group known as “The Shadow Brokers.” Microsoft issued a patch for the vulnerability on March 14 for all supported versions of Windows (Vista and later). Unfortunately at the time the attack started many systems were still unpatched and legacy Windows systems such as Windows XP and Windows Server 2003 were left without a patch for the vulnerability. Since the attack began Microsoft has issued a patch for Windows XP and Windows Server 2003 as well.

Read full news article on Electronic Frontier Foundation