The spread of the initial release has actually stopped (after infecting more than 123,000 computers) because security researchers registered a domain that the malware checks before the infection starts.As long as the software finds it, a sort of killswitch engages and no encryption occurs.
"In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyber attacks by government organizations, sometimes referred to as nation-state actors or other copycat organizations," Microsoft's Hall said.
The Eternal Blue exploit that Wanna Cry used to spread itself between Windows machines was believed to have been crafted by the US National Security Agency (NSA), and used in its own hacking efforts.
Microsoft has once again taken the extraordinary step of patching the out-of-support Windows XP, in an attempt to limit the scale of the next Wanna Cry-style attack.
The updates for XP and other versions of Windows, released as part of yesterday's Patch Tuesday, have fixed vulnerabilities that could be used in what Microsoft calls "attacks with characteristics similar to Wanna Crypt"."These security updates are being made available to all customers, including those using older versions of Windows," wrote Adrienne Hall, general manager of Microsoft's Cyber Defense Operations Center, adding the measure was "due to the elevated risk for destructive cyber attacks at this time".
The exploit was later revealed by the Shadow Brokers group, after it stole a cache of vulnerabilities from the NSA-linked Equation Group.
Since yesterday's patches were issued, Microsoft has confirmed to ZDNet that the updates fix the remaining unpatched vulnerabilities from the trove revealed by the Shadow Brokers.
Microsoft officially ended its support for most Windows XP computers back in 2014, but today it's delivering one more public patch for the 16-year-old OS.
As described in a post on its Windows Security blog, it's taking this "highly unusual" step after customers worldwide including England's National Health Service suffered a hit from "Wanna Crypt" ransomware.
If you're running a vulnerable system and can't install the patch for some reason, Microsoft has two pieces of advice: Update: Microsoft legal chief Brad Smith has written a blog post that both calls for more help from customers (read: update more often) and chastises intelligence agencies for hoarding security exploits.
They don't understand the risk to the public if the exploits leak, Smith says -- it's as if someone stole a batch of Tomahawk missiles.