On May 12 a ransomware virus, WannaCry, was released on the Internet and rapidly spread to hundreds of thousands of Microsoft Windows based computers in over 150 countries. The malware encrypts critical files on a computer, such as Excel, Word, and other important files, and seeks out backup copies for encryption as well. Once it infects a system, it requires the victim to pay approximately $300 in digital currency (Bitcoin), and immediately tries to find other systems to infect.
The virus exploits a known vulnerability in Windows. Microsoft released a patch for this vulnerability, MS17-010, on March 14, 2017. Given the severity of the situation, Microsoft has taken the unusual step of also releasing a patch for out-of-support operating systems like Windows XP, Windows Vista, Windows 8, and Windows Server 2003. The patches for these older operating systems can be found in the Microsoft Update Catalog under KB4012598.
If your Windows systems are patched and up-to-date, they are not currently vulnerable to WannaCry. In addition, Symantec and McAfee customers are protected from this attack.
The rapid spread of this malware through a known vulnerability underscores the need for basic security hygiene: updating operating systems, patching regularly, up-to-date non-local backups and up-to-date malware protection.