Did m$ release patch for unsupported windozes after Wannacry hit?
Wannacry hit on 2017-05-12 using exploit generously donated by the NSA. For supported windozes the bug was fixed in 2017-03 for unknown reasons. Looks like for unsupported windozes like XP the patch was released on 2017-05-13 after Wannacry hit: http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598 Is it really so?
On 05/15/2017 02:22 AM, Georgi Guninski wrote:
> Wannacry hit on 2017-05-12 using exploit generously donated by the NSA. For supported windozes the bug was fixed in 2017-03 for unknown reasons. Looks like for unsupported windozes like XP the patch was released on 2017-05-13 after Wannacry hit: http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598 Is it really so?
That's what I've read. Microsoft provided patches in March for nominally unsupported Windows versions with custom support contracts. The NHS, for example, had dropped its XP support contract in ~2014. Cheap bastards ;) I note that Microsoft provided these patches in May for all users. Certainly for authentic installs without support contracts. And perhaps even for pirated/cracked installs. I have an old cracked XP installer, I think, so maybe I'll test.
On Mon, May 15, 2017 at 02:45:48AM -1100, Mirimir wrote:
> Certainly for authentic installs without support contracts. And perhaps even for pirated/cracked installs. I have an old cracked XP installer, I think, so maybe I'll test.
Installing or updating even from authentic media in a hostile network doesn't appear trivial without getting owned. It is remote exploit AFAIK.
On 05/15/2017 04:37 AM, Georgi Guninski wrote:
> On Mon, May 15, 2017 at 02:45:48AM -1100, Mirimir wrote:
> > Certainly for authentic installs without support contracts. And perhaps even for pirated/cracked installs. I have an old cracked XP installer, I think, so maybe I'll test.
> Installing or updating even from authentic media in a hostile network doesn't appear trivial without getting owned. It is remote exploit AFAIK.
I'm not talking about doing anything in a "hostile network". I just meant that I'd see if Microsoft gives me the patch.
On Mon, May 15, 2017 at 2:45 PM, Mirimir <mirimir@riseup.net> wrote:
> On 05/15/2017 02:22 AM, Georgi Guninski wrote:
> > Wannacry hit on 2017-05-12 using exploit generously donated by the NSA. For supported windozes the bug was fixed in 2017-03 for unknown reasons. Looks like for unsupported windozes like XP the patch was released on 2017-05-13 after Wannacry hit: http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598 Is it really so?
> That's what I've read. Microsoft provided patches in March for nominally unsupported Windows versions with custom support contracts. The NHS, for example, had dropped its XP support contract in ~2014. Cheap bastards ;)
To be fair, it wasn't the NHS that dropped that contract, it was the Tory Health Secretary Jeremy Hunt. The NHS actually made a bit of noise about just how stupid it was at the time.

--
Ben Tasker
https://www.bentasker.co.uk
On Mon, May 15, 2017 at 05:00:01PM +0100, Ben Tasker wrote:
> > That's what I've read. Microsoft provided patches in March for nominally unsupported Windows versions with custom support contracts. The NHS, for example, had dropped its XP support contract in ~2014. Cheap bastards ;)
> To be fair, it wasn't the NHS that dropped that contract, it was the Tory Health Secretary Jeremy Hunt. The NHS actually made a bit of noise about just how stupid it was at the time.
http://www.theregister.co.uk/2017/05/16/microsoft_stockpiling_flaws_too/

Money talks

Custom support is a big earner: Microsoft charged Britain's National Health Service $200 per desktop for year one, $400 for year two and $800 for a third year as part of its contract. UK Health Secretary Jeremy Hunt cancelled the contract after a year as a cost-saving measure.
16.05.2017, 05:03, "Georgi Guninski" <guninski@guninski.com>:
> On Mon, May 15, 2017 at 05:00:01PM +0100, Ben Tasker wrote:
> > > That's what I've read. Microsoft provided patches in March for nominally unsupported Windows versions with custom support contracts. The NHS, for example, had dropped its XP support contract in ~2014. Cheap bastards ;)
> > To be fair, it wasn't the NHS that dropped that contract, it was the Tory Health Secretary Jeremy Hunt. The NHS actually made a bit of noise about just how stupid it was at the time.
> http://www.theregister.co.uk/2017/05/16/microsoft_stockpiling_flaws_too/
> Money talks
> Custom support is a big earner: Microsoft charged Britain's National Health Service $200 per desktop for year one, $400 for year two and $800 for a third year as part of its contract. UK Health Secretary Jeremy Hunt cancelled the contract after a year as a cost-saving measure.
Custom support might well be a big earner for Microsoft but I don't think it's the main reason they 'hoard' patches for older software. Users would stay on old, outdated, software forever if they weren't given a strong incentive to upgrade. Hell, I have customers still running shit on Windows 95 who refuse to upgrade because of costs or software availability. Not only that but making it comfortable for users to stay on old systems is cumulative: more and more users choose not to upgrade because they will continue to be supported and the support costs to Microsoft go up with every single release (bandwidth isn't free, engineering time isn't free). Again, it makes sense to try to make it uncomfortable for users to upgrade. So yeah, I totally understand making it as uncomfortable and costly to lag behind as possible from both a security and financial standpoint.
participants (4)
- Anthony Papillion
- Ben Tasker
- Georgi Guninski
- Mirimir