Warning: Millions of devices are still vulnerable to WannaCry

About 15 percent of healthcare organizations are running on outdated systems or browsers, while 160 million computers, IoT devices and servers still have open ports, studies found.
By Jessica Davis
01:59 PM
Share
Warning: Millions of devices are still vulnerable to WannaCry

A new Rapid7 National Exposure Index found that 160 million computers, servers and IoT devices have open ports not meant to be exposed on public networks.

And when it came to the file-sharing SMB port 445 vulnerability exposed with the WannaCry attacks, 4.6 million internet-connected devices left this port open in 2016. Just after the attacks Rapid7 checked this statistic again and found that even with the SMB port vulnerability known, still 5.5 million internet-connected devices still had exposed ports.

About 800,000 of these SMB ports were on Windows systems and specifically vulnerable to wormable WannaCry ransomware.

[Also: HHS targeting outdated regs in wake of damning cybersecurity report, WannaCry]

Further, 15  percent of healthcare organizations are still running on outdated systems or browsers, according to a new BitSight report. While many of these organizations simply lack the funding to update its systems, outdated platforms put these providers at risk.

In a rare move, Microsoft has released additional security patches for Windows XP and Server 2003 users to protect against potential nation-state activity and destructive cyberattacks, such as those seen in the WannaCry attacks on May 12.

The security patches are included in the company’s June 12 patch and fixes three outstanding vulnerabilities built by the National Security Agency: ENGLISHMANDENTIST, ESTEEMAUDIT, and EXPLODINGCAN.

[Also: Unsecured medical devices: Healthcare's new warning call]

Microsoft previously said it would not fix these exploits, but changed course upon recognizing the elevated risk of disruptive cyberattacks.

If exploited, these risks could allow a hacker to run arbitrary code in the server without authentication, which could be used to craft a worm exploit. Further, flaws in the SMBv2 and print spooler service could also allow remote code execution, while a vulnerability in Kerberos could provide privilege elevation.

It’s uncommon for Microsoft to release these types of patches to out-of-date systems, as the company no longer supports the technology. Microsoft stopped supporting XP and Server 2003 years ago. Microsoft previously released patches for SMB vulnerabilities in these systems following the WannaCry attacks.

[Also: Microsoft issues WannaCry security patch for XP, blasts US for 'stockpiling vulnerabilities']

“Our decision today to release these security updates for platforms not in extended support should not be viewed as a departure from our standard servicing policies,” officials said in a statement. “As always, we recommend customers upgrade to the latest platforms.”

“The best protection is to be on a modern, up-to-date system that incorporates the latest defense-in-depth innovations,” added officials. “Older systems, even if fully up-to-date, lack the latest security features and advancements.”