Telecommunications giant Telefonica was among many targets. The details have been revealed by BBC News. However, MS17-010 is a patch for newer operating systems as well, such as Windows 7 and Windows 8.1, plus Windows Server 2008, Windows Server 2012 and even Windows Server 2016.
Microsoft noted that it first patched the vulnerability in a security update in March and Windows users who updated their computers and used the company's free antivirus program were protected from the malware.
Ransomware is software created to prevent the normal function of a computer until a victim pays a ransom. Microsoft issued a patch to fix this flaw back in March 2017, but organizations running older, unsupported versions of Windows (such as Windows XP) were unable to apply the update because Microsoft no longer supplies security patches for those versions of Windows.
Microsoft announced late Friday it was taking the "highly unusual step" of providing a security update for outdated Windows platforms, including Windows XP, Windows 8 and Windows Server 2003, for computers not running Windows 10. Numerous machines attacked today have been breached simply because the latest Windows updates have not been applied quickly enough, but there are still organizations that continue to run Windows XP despite the risks.
Microsoft usually charges businesses to provide custom support agreements for older versions of Windows, which include critical and important software updates from Microsoft beyond the normal end of extended support point.
The malware is being delivered in an infected Microsoft Word file that is sent in an email, disguised as a job offer, an invoice, or another relevant document.
With hindsight, this incident stresses the importance of continual risk assessments of an organisation's business operations; from fundamental patch management to wider issues that consider access. According to Symantec, such attacks have jumped from 340,665 in 2015 to 463,841 a year ago.
The blog post went on to say that worm "executes massive scanning on Internet IP addresses to find and infect other vulnerable computers".