Saturday, 20 May 2017 21:08

Microsoft criticised for holding back on Wannacry patch to XP users


Some of Microsoft’s customers have been charged $1000 per year per device for XP patches, with charges escalating so much the NHS abandoned support after just one year.

Update: "WannaKey" and "WanaKiwi" can decrypt Wannacry - in very specific circumstances

Original story continues:

A new report in the Financial Times, entitled “Microsoft held back free patch that could have slowed WannaCry”, quotes people criticising Microsoft for holding back on patches for XP that could protect against known vulnerabilities.

An MDN report has some of the FT article’s details, as FT articles are behind a paywall unless first individually searched for via a search engine.

These vulnerabilities have since led to ransomware attacks on businesses around the world, including some in Australia, and most worryingly, hospitals as part of the UK’s NHS - reportedly leading to serious problems delivering services to patients.

The report says Microsoft recently started charging enterprise customers for additional Windows 10 security, something criticised, given this protection should be standard in all versions of Windows 10.

Also criticised is the huge cost of custom support for the XP operating system, with fees into the millions of dollars for some customers, some of whom are presumably still unable to move to Windows 10 due to custom software, and for whom paying custom support fees is still a better deal than uprooting all hardware and software to the latest versions.

The report quotes a US government official suggesting Microsoft should have acted to protect XP users before the Wannacry ransomware attacked vulnerable computers.

This is especially so considering Microsoft reportedly knew, thanks to the NSA, that the vulnerabilities were now in the open. It issued patches for supported versions of Windows but left unsupported users out in the cold until it was forced to issue an "emergency patch" for XP users, by which time it was too late for many of those already affected by Wannacry.

Had patches been issued for the hundreds of millions still using older versions of Windows in production environments, Wannacry’s effects would have been vastly limited compared to what actually happened.

Zeynep Tufekci, an associate professor at the school of information and library science at the University of North Carolina, wrote a New York Times op-ed entitled “The world is getting hacked. Why don’t we do more to stop it?”

Within the op-ed, Tufekci stated: “Companies like Microsoft should discard the idea that they can abandon people using older software. The money they made from these customers hasn’t expired; neither has their responsibility to fix defects.”

Tufekci posted the following tweet, attacking those who consider XP ancient: 

The Verge quoted a ZDNet article stating: "The real problem here is that for decades the IT industry as a whole has been selling rubbish products. It's become fabulously wealthy by making products that are broken to begin with, and often, directly or indirectly, charging customers to fix them.”

The ZDNet article by Australian tech writer Stilgherrian quoted the owner of Pinboard stating: “Blaming people for using ancient software is really weird. There's no other context where we demand constant replacement of things that work."

Stilgherrian also wrote: “When you're running a hospital full of machines that go ping, you can't afford an update to kill those pings, because that in turn can kill people. Context matters.”

However, in another New York Times article entitled: “In Ransomware Attack, Where Does Microsoft’s Responsibility Lie?", we read of security experts having “challenged that argument, saying that Microsoft could not be expected to keep updating old software products indefinitely".

Mikko Hypponen, chief research officer of security firm F-Secure, is quoted as stating: “I can understand why they issued an emergency patch for XP after WannaCry was found, but in general, we should just let XP die.”

Naturally, the sound advice is to bite the bullet and upgrade to a supported version of Windows that receives timely patches, but if it were so easy and affordable to do so, millions upon millions still wouldn’t be using XP.

Reports suggest Microsoft is the big winner from the Wannacry ransomware, as it will force many XP users to upgrade at long last.

Also criticised has been security firm Sophos, which prior to the Wannacry outbreak had a microsite featuring the headline ‘The NHS is totally protected with Sophos,’ a claim that clearly did not hold given the prominence of the NHS shutdowns caused by the Wannacry attack.

However, despite the NHS reportedly using XP systems, The Verge quotes a Kaspersky Lab claim that Windows 7 64-bit users were hardest hit, with "less than one in a thousand" of those affected "using XP".

Windows 7 was one of the supported operating systems getting a patch about a month before Wannacry hit, so this report seemingly shows people aren't patching properly or in a timely manner, while also exposing that Microsoft still felt it necessary to issue an emergency Windows XP patch. 

The following is just some of iTWire's Wannacry coverage:




Alex Zaharov-Reutt

One of Australia’s best-known technology journalists and consumer tech experts, Alex has appeared in his capacity as technology expert on all of Australia’s free-to-air and pay TV networks on all the major news and current affairs programs, on commercial and public radio, and technology, lifestyle and reality TV shows.


