
Patching?
Seems the vulnerabilities were patched in 2016.
Security researchers have suggested that the ransomware attack on University College London last week was spread through a "malvertising" campaign. Proofpoint reckons the AdGholas group spread the infection using malware-tainted online ads. This was a "zero-click required" campaign that could infect users who simply visited a …
1 These compromised sites hosted an exploit kit that used software vulns to push malicious code onto the Windows PCs of visiting surfers, a common hacking and malware distribution technique.2
2 unless those PCs are running up-to-date software and some decent up-to-date anti-malware software, like what any sensible user would.
It really is a shame that so many organizations around the world wrongfully believe that legacy / reactive anti-virus software technology is sufficient in stopping 0-day malware & ransomware. Comodo has 90+ million endpoints protected and not one has been infected, even the CIA is calling it a PITA...