(May 16, 2019) - Microsoft recently announced a critical vulnerability in its Windows operating systems so serious that it is issuing a patch for even unsupported, older versions of Windows. The vulnerability allows for remote code execution in Remote Desktop Services with no authentication at all. In fact, there is no user interaction of any kind required for a malicious actor to exploit the vulnerability.
Microsoft's Simon Pope, director of incident response at Microsoft's Security Response Center, further described the threat to The Verge as follows: "the vulnerability is 'wormable', meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017."
Windows 8 and 10 are unaffected. However, large corporate entities are reporting fevered efforts to identify and patch all of the following vulnerable operating systems:
- Windows XP
- Windows 7
- Windows Server 2003
- Windows Server 2008 R2
- Windows Server 2008
Security updates for Windows XP and Windows Server 2003 are available here.
Security updates for Windows 7, Windows Server 2008 R2, and Windows Server 2008 are available here.
More information about this critical security threat (CVE-2019-0708) is available on the Microsoft TechNet.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.