Ransomware: Microsoft can no longer claim to be ‘proactive’
• 14 May 2017
• Written by Sam Varghese
Microsoft’s reaction to the Windows ransomware crisis that occurred on Friday and Saturday has shown one thing: no longer can the company continue to use the business buzzword “proactive” when it talks about itself. It was caught unawares and left looking very old and tired in the way it responded to the situation.
When the Shadow Brokers group dumped a number of NSA exploits on 14 April, after having tried for a while to get people to buy them, it should have been clear to those who head the Microsoft Security Response Centre that it was only a matter of time before some attacker would use these exploits to attack vulnerable systems.
The probability was all the greater, given that attacks these days are driven mostly by a desire to make money, not just to get up someone’s nose.
It has also been clear to all those who are in any way part of the tech community — those who have not been living under a rock, that is — that there are millions of Windows machines out there that are out of support and vulnerable to these exploits.
As iTWire reported back in February, 150 million PCs were running Windows XP at that time, a version for which support has long expired.
Microsoft issued patches to guard against these exploits in March, a month before the Shadow Brokers dumped the lot. (The company has kept mum as to how it became aware of the dumped exploits. Was it told by the NSA? Did it pay the Shadow Brokers?)
But, given its parsimonious nature, something that has often left it with egg on its face in the past, Microsoft only issued patches for Windows versions that are currently supported.
It did not think ahead and contemplate the possibility that a situation similar to Code Red could eventuate again, with attackers having a field day on older Windows systems. No, it was caught on the back foot and had to pull up its socks and react fast.
Had it not been for an accidental act by a British researcher, we would be looking at Code Red Mark II now.
Now, the company that has been force-feeding Windows to all and sundry is acting as though it is the good guy. “Seeing businesses and individuals affected by cyber attacks, such as the ones reported today, was painful,” wrote Phillip Misner, principal security group manager at the MSRC.
When the Shadow Brokers dumped the exploits, what was Misner doing? The analogy that comes to mind is that of Nero fiddling while Rome burned.
And thus, when the fat was well and truly in the fire, Microsoft found itself forced to issue patches for Windows XP, Windows 8, and Windows Server 2003. Of course, lest you forget, this was done in the public interest!
This is not the first time that attacks on Windows systems have triggered mass panic. Dave Aitel of Immunity, a security professional who often calls things as he sees them, put it well in a tweet: “Windows didn’t get more secure in the last two decades, the hackers just got nicer.”
A number of security companies wrote in to iTWire, seeking to capitalise on the situation and plug their own names and wares. These companies are part of the problem: they should be calling out Microsoft for its pathetic attitude to security, which this time put the lives of patients in Britain at risk.
But you won’t find any of these security experts saying a thing. After all, why would they bite the biggest hand that feeds them? If Windows disappeared overnight, many of these companies would be left without lunch money.
The cynicism that has been on display in the last 36-odd hours is disgusting.