Quote:
Originally Posted by heero_yuy
I beg to differ, my XP SP2 machine is permanently connected to the net, has never been patched since the OS was installed over 10 years ago and does not get infected. The issue is NOT the age of the OS but the stupidity/naivety of the staff using the computers.
This worm affects all versions of windows upto and including W10.
|
XP2 stopped receiving security patches years ago. It may be possible to keep to secure if you know what you're doing but vulnerabilities remain.
I hadn't heard Windows 10 was vulnerable to this. Ars state it's not:
https://arstechnica.co.uk/security/2...dows-versions/ whereas previous ones such as Windows 8 and 7 are still in their extended support cycles so should have been patched already. Any Windows 8 or 7 machine that kept up to date would also not be vulnerable.
This post better explains what happened:
https://www.troyhunt.com/everything-...pt-ransomware:
Quote:
|
It's able to do this where the machine supporting the protocol has not received the critical MS-17-010 security patch from Microsoft which was issued on the 14th of March and addresses vulnerabilities in SMBv1 (Microsoft doesn't mention SMBv2 but Kaspersky has stated that WannaCry targets v2 as has Symantec). In other words, you had to be almost 2 months behind in your patch cycle in order to get hit with this. Windows 10 machines were not subject to the vulnerability this patch addressed and are therefore not at risk of the malware propagating via this vector. Likewise, I've seen no commentary suggesting that other SMB implementations such as Samba are impacted.
|
So the flaw in previous versions of Windows allowed this to spread so fast. A single computer might be hit by the negligence of staff but unpatched computers caused to to spread.