Researchers Suggest Windows XP Was Immune To WannaCry Virus

Windows XP

Blue screens of death may have been the worst-case scenario for Windows XP devices

It turns out that devices running Windows XP operating systems weren’t actually as vulnerable to the WannaCry ransomware virus as was first thought, according to research carried out by Kryptos Logic.

Kryptos suggests that, although Windows XP is vulnerable when the WannaCry binary is executed locally on the host, the OS didn’t actually contribute much to the early wave of infections.

This is because the virus was predominantly spread over the network via the MS17-010 SMB vulnerability used by Windows machines.


Windows XP

WannaCry used two types of exploit codes: ETERNALBLUE and DOUBLEPULSAR. Kryptos decided to test the code in four different scenarios: Windows XP with Service Pack 2, Windows XP with Service Pack 3, Windows 7 64 bit with Service Pack 1 and Windows Server 2008 with Service Pack 1.

The researchers found that infection was unsuccessful in both Windows XP scenarios, with the worst outcome being the blue-screen of death (BSOD).

Windows 7 64 bit with Service Pack 1 became infected after multiple attempts and Windows Server 2008 with Service Pack 1 was reported as exploited.

“Since the main infection vector here was the SMB exploit, it seems like XP did not contribute much to the total infection counts,” write the researchers. “To be clear, the Windows XP systems are vulnerable to ETERNALBLUE, but the exploit as implemented in WannaCry does not seem to reliably deploy DOUBLEPULSAR and achieve proper RCE, instead simply hard crashing our test machines.

“The worst case scenario, and likely scenario, is that WannaCry caused many unexplained blue-screen-of-death crashes.”

WannaCry, also known as WannaCrypt, caused havoc earlier this month when it spread like wildfire across the globe, attacking the NHS and hundreds of other organisations before being stopped by a ‘kill switch’ developed by a security researcher.

It has since gone on to hit the Russian postal service and has been linked to a North Korean hacking group by the likes of Symantec and Kaspersky Lab.

Do you know all about security in 2017? Try our quiz!