Last week, the WannaCry ransomware attack surprised the world. The attack leveraged a Windows vulnerability that the NSA was holding in its hip pocket - it didn't even tell Microsoft. The NSA called the exploit EternalBlue. EternalBlue was made public in April as a part of a Shadow Brokers dump. Microsoft released a fix a month before the dump. Why was WannaCry so successful? It's because people didn't apply the Microsoft patch (MS17-010) or were running unsupported operating systems (e.g. Windows XP). In a rare move, Microsoft released a patch specifically for XP and Server 2003 (both unsupported) to plug the hole.
The lesson is that patches should be applied as quickly as possible and don't use unsupported software that isn't getting any security updates.
E-mail: email@example.com Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology