Windows XP Accidental Resilience
Microsoft Windows XP installations aren’t as overtly vulnerable to the vicious WannaCry ransomware virus as most assumed, according to a new report just released by Kryptos research. The company’s research team found that XP computers hit with the most recent WannaCry attack usually just crashed without installing or spreading the ransomware. If true, the result would undermine much of the early reporting on Windows XP’s role in spreading the globe-spanning ransomware.
The core component of the WannaCry virus is a vulnerability in the Windows file-sharing system named SMB, which allowed the virus to spread quickly across systems with no user interaction. When Kryptos researchers targeted XP computers with the malware in a lab test, they found that the malware either failed to install or the computers exhibited the normally unwelcome “blue screen of death,” requiring a reset. It’s still possible to manually install WannaCry on XP machines, but the program’s particular method of breaking through security isn’t effective against the older operating system.
While they are contrary to much of the early analysis of WannaCry, Kryptos’ discoveries are consistent with earlier research from Kaspersky Lab, which found that Windows XP made up an “insignificant” percentage of the total infected machines. Kaspersky found larger percentages of infections on machines running Windows 7 or Windows Server 2008.
Much of the early focus on Windows XP was the result of the UK’s NHS, one of the earliest and most destructive victims of WannaCry. A number of news agencies blamed the NHS infections on computers running Windows XP, leading to widespread alarm over Microsoft’s failure to release a security patch. The NHS itself denied the claim, saying less than 5 percent of the service’s computers still ran Windows XP at the time of the attack. In light of the latest Kryptos research, it’s plausible that vulnerable Windows 7 systems were a larger issue for the NHS.
In the days following the attack, Microsoft drew criticism for its failure to issue a public patch to protect Windows XP against WannaCry. Microsoft stopped issuing public security patches for XP when it deprecated Windows XP in 2014, but paying business users could still get patches directly from the company, including the patch protecting against WannaCry. Microsoft eventually issued an emergency patch to protect XP against the vulnerability, although it’s unclear how much of a difference this made.
The Kryptos report doesn’t throw into doubt all of Windows XP’s security issues. Systems can still be infected by a direct installation of the WannaCry malware, which a user could be fooled into performing, and the general vulnerability is still very much an issue for anyone running an unpatched version of XP. Outside of this specific malware, XP remains vulnerable to dozens of attacks that have surfaced in the time since support was discontinued. In the case of WannaCry, XP’s tendency to crash when presented with unusual code seems to have provided an unlikely wall of protection against the ransomware attack.