Microsoft has issued a new series of critical security patches to fix three further vulnerabilities, targeted by National Security Agency (NSA) in the set of leaked exploits that included Wannacry, responsible for the cyber-attack that floored parts of the NHS last month.
There are fears that the tools developed by the NSA to exploit the three vulnerabilities, which have since been leaked, could be exploited to unleash a second wave of global cyber attacks.
To address these risks, Microsoft’s Tuesday patch updates included critical security updates for unsupported versions such as Windows XP and other older versions of Windows. This is the second month in a row Microsoft has issued patches for the redundant XP operating system.
The company said that the flaws only affected older versions of Windows, and all users of older systems should upgrade.
NHS Digital’s CareCert cyber service issued a high priority advisory bulletin to trusts on 7 June warning about a new set of exploits being launched. The agency told Digital Health News today that Tuesday’s Microsft patches will be included in its scheduled Friday CareCert bulletin.
The WannaCry ransomware was behind May’s global cyber-attack, and exploited a vulnerability that was made public when a hacker group stole secrets from the (NSA).
Over 40 NHS trusts were infected or severely disrupted by the 12 May ransomware attacks, the results were debilitating for some trusts with diverted ambulances, cancelled operations and staff having to revert to pen and paper.
NHS Digital’s CareCert cyber service issued a high priority advisory bulletin to trusts on 7 June warning about a new set of exploits being launched.
On Tuesday, Adrienne Hall, general manager of the cyber defence operations centre at Microsoft, said in a blog-post that the updates have been released to the elevated risk of “nation-state actors” organisations.
“These security updates are being made available to all customers, including those using older versions of Windows.”
“Due to the elevated risk for destructive cyber-attacks at this time, we made the decision to take this action because applying these updates provides further protection against potential attacks with characteristics similar to WannaCrypt.”
One month on from the cyber-attacks, the scale of the hack is becoming clear. One trust estimates a million pound bill in recovery fees and another says over three thousand appointments were cancelled.
NHS Digital’s 7 June CareCert alert, issued before the new patches were released, warned that some trusts had still not applied patches first released in March to fix the Wannacry vulnerability.
NHS Digital sent out a CareCert alert on 15 June to remind trusts about the latest Microsoft bulletin.
16/06/17 – Edited to update the date NHS Digital sent out the patch.
15 June 2017 @ 09:54
I hear that some applications are having issues with printing after loading latest patches. Suppliers can’t ask trusts to not load patches in current level of heightened security awareness. Loading patches immediately in live environments before testing has risks too.