How did unpatched systems lead to the WannaCry attack?

WannaCry exploited a Windows vulnerability called EternalBlue (CVE-2017-0144) that Microsoft had patched two months before the attack in March 2017. Organizations that delayed applying the patch were hit when WannaCry spread in May, infecting over 200,000 systems across 150 countries. The UK's National Health Service was severely disrupted, with estimated damages exceeding $4 billion globally. The entire outbreak was preventable with a single, timely patch.

How should organizations prioritize which updates to install first?

Security patches rated "critical" or "high" by the vendor or by CVSS score (7.0 and above) should be applied within days, not weeks. Patches for vulnerabilities that are actively exploited in the wild, flagged by CISA's Known Exploited Vulnerabilities catalog, should be treated as emergencies. Lower-severity updates and feature releases can follow a regular monthly cycle. Automated patch management tools help enforce these timelines without relying on individual users to act.

OS Updates & Patching Basics

See why skipping updates opens real attack paths.

What You'll Learn

Understand why security patches exist and how unpatched vulnerabilities become entry points for ransomware, malware, and data breaches
Install critical security updates within 24-48 hours of release and configure automatic updates on all work devices
Distinguish between critical security patches that require immediate action and feature updates that can follow standard deployment schedules
Check your current operating system version and verify that automatic update settings are properly configured
Report update failures or conflicts to your IT team instead of disabling automatic updates or indefinitely postponing patches

Training Steps

Introduction

Welcome to Meridian Analytics! You are Alice, a data analyst responsible for processing client reports and financial data. Today, you will learn why operating system updates are critical for security - and what can happen when they are ignored.
Starting the Workday

It's Monday morning at Meridian Analytics. Alice settles into her home office and opens her email. A message from her manager David is at the top of the inbox - the Q4 quarterly report is due by Friday, and the client presentation needs to be finalized before tomorrow's meeting.
Working on the Presentation

With the deadline looming, Alice opens her file manager to work on the client presentation. She needs to review the slides and make sure the data analysis sections are complete before tomorrow's meeting.
Update Notification

While reviewing the presentation slides, a notification appears in the corner of Alice's screen: 'Critical Security Update Available - Restart Required' The update has been pending for several days. Alice knows she should install it, but the client presentation is due tomorrow and the quarterly report by Friday.
Back to Work

Alice dismisses the notification, telling herself she'll install the update after the report is finished. She returns to the presentation, focused on meeting the deadline. The update notification fades from her mind as she dives into the slides. Three days pass. Alice has been busy with meetings, client calls, and more reports. The update notification has appeared twice more, and each time she clicked 'Remind me later.' Meanwhile, news reports reveal that a major vulnerability in operating systems is being actively exploited by attackers worldwide.
Lunch Break Browsing

It's Thursday. After a productive morning working on the presentation, Alice takes a break to catch up on some reading. A colleague has shared an article about market trends that could be useful for the quarterly report. She opens the email and clicks the link without a second thought.
The Attack Begins

The article page begins to load, but something is wrong. Alice's computer suddenly freezes. The screen flickers, and a dreaded blue screen appears with an error message. The news website had been compromised with a malicious script that exploited the exact vulnerability the pending security update was meant to fix.
Restarting the System

Alice restarts her computer, hoping it was just a glitch. As the system boots up, she notices something is wrong - the desktop background has changed, and several of her files have strange extensions.
Checking the Files

Something feels wrong. Alice rushes to check her important work documents - the quarterly report she's been working on for weeks.
The Ransom Note

Alice's presentation is gone - replaced by a chilling ransom demand. Every file on her computer has been encrypted. The attackers are demanding 0.5 Bitcoin to unlock her files. The quarterly report, the client presentation, months of financial analysis - all held hostage.

What You'll Learn

Training Steps

Introduction

Starting the Workday

Working on the Presentation

Update Notification

Back to Work

Lunch Break Browsing

The Attack Begins

Restarting the System

Checking the Files

The Ransom Note