SCOTT SIMON, HOST:
Microsoft has had to update an old system to meet a new threat. Years ago, they stopped supporting the Windows XP operating system, but millions of computers around the world still use it. This week, Microsoft released a security patch for Windows XP to prevent a major attack on vulnerable computers. Brian Barrett, a news editor at WIRED magazine, joins us from member station WBHM in Birmingham. Thanks so much for being with us.
BRIAN BARRETT: Thanks for having me.
SIMON: Microsoft stopped updating Windows XP in 2014, but a lot of places still use it, don't they?
BARRETT: That's right. When you think of Windows XP, you think of maybe people who aren't tech savvy who haven't update their computers in a long time, and that's part of it. But I think the more concerning thing here is that it's also a still popular operating system for industrial control systems, for health care systems, for a lot of places that, for one reason or another, still rely on it and now are potentially exposed.
SIMON: What's Microsoft fixing?
BARRETT: Well, they are saying it has something to do with remote desktop services, which is - you know, if you work in an office, an administrator can sometimes take over your computer to fix a problem, so it has something to do with that. We're not sure exactly what. But the bigger deal is that it's a - it's what's known as a worm, which means that if a hacker takes advantage of it, they can sort of hop from one computer to the next without the person who runs that computer doing anything. So, you know, normally, you think of clicking a link and you get malware or opening an attachment and it happens. This just kind of spreads on its own.
SIMON: Microsoft had to make a fix kind of like this in 2017, didn't they?
BARRETT: They did, and I think that also shows why this is alarming. So I don't know for the listeners who remember - WannaCry, which was a ransomware attack in 2017, spread very quickly across the globe and was only stopped by sort of a piece of chance. A malware researcher figured out a very clever way to stop it before it could spread further. But Microsoft had released a patch for WannaCry a month or two before it hit. And I think that shows you two things - one, that Microsoft thinks that this is that level of urgency, which is pretty big, and, two, even when Microsoft released that patch, it didn't do much good to stop WannaCry because it is hard for people to get around to actually installing it. So, you know, you don't want to overhype these things, but Microsoft says there's a viable threat. And a lot of, you know, computers could be in trouble in the next, weeks, months - who can say.
SIMON: To be plain, we don't have any reason to think anybody is trying to take advantage of the system, do we?
BARRETT: That's right. So Microsoft has said that they hadn't seen anyone attacking this previously. The concern, though, is now that they've said that it's out there and they've pointed to the general area where it is, that's when you start to get a little bit worried because now hackers know where to look. They know what it can do. And there's a big incentive there for them to take advantage of it.
SIMON: How difficult - maybe I should say expensive - is it for companies to change an old operating system?
BARRETT: Difficult and expensive are both the right words, especially when you think about a company - like, say, it's a chemical refining plant. They're operating 24 hours a day, seven days a week, and it's very hard for them to come offline because not only do they have to just sort of update with this patch, they have to test it to make sure that it doesn't interfere with what they're working on already. And especially when you have these sensitive issues like health care, it's hard for a hospital to go offline for a while because if they have parents (ph) relying on critical care, you know, then you don't want interrupt that.
SIMON: Is there a lesson here, whether we have Windows XP or not?
BARRETT: You know, we sometimes forget that there are tens of millions of devices that are vulnerable and that they're very hard to fix, even if the fix is available. So I think the lesson is going to play out over the next weeks and months if we see what if anything actually comes of this. But in the meantime, it's that just being aware of what your vulnerabilities are and taking as many steps as you can to sort of prevent a broad attack.
SIMON: And when you get an update, install it.
BARRETT: I would say so, and at the very least, you get rid of that little pop-up.
SIMON: (Laughter) Brian Barrett, news editor at WIRED magazine, thanks so much for being with us.
BARRETT: Thanks again for having me. Transcript provided by NPR, Copyright NPR.