Microsoft Patches 'Wormable' Flaw in Windows XP, 7 and Windows 2003

What just happened? Microsoft has warned that a high-severity vulnerability found in older versions of Windows could lead to a widespread attack across the Internet. However, affected systems are still vulnerable to Remote Code Execution (RCE) exploitation if an attacker has valid credentials.

A newly discovered vulnerability in the commonly used Remote Desktop Services (RDS) that can be abused to create worms or self-spreading malware has prompted Microsoft to create security patches for the obsolete Windows XP and Server 2003 operating systems.

Users of Windows 7 and older versions should immediately apply a critical update issued by Microsoft to fix a major security flaw in its Remote Desktop Services, formerly known as Terminal Services. This vulnerability is pre-authentication and requires no user interaction. The vulnerability, he said, "should be the highest priority patching because, in addition to the wormable capabilities in this exploit, many modern ransomware variants, such as Dharma, Robbinhood, and CrySIS, often use vulnerable RDP servers to gain access to victim networks".

Microsoft also released security updates to Internet Explorer, Microsoft Scripting Engine, Microsoft Edge, Windows Storage and Filesystems, Microsoft Graphics Component, Windows App Platform and Frameworks, Windows Cryptography, Windows Datacenter Networking, Windows Server, Windows Virtualization, Windows Kernel, and the Microsoft JET Database Engine. "It is important that affected systems are patched as quickly as possible to prevent such a scenario from happening".

"Customers who use an in-support version of Windows and have automatic updates enabled are automatically protected", says Microsoft.

Users running Windows 8 and Windows 10 aren't at risk of this particular exploit, although it's always wise to keep up to date with the latest security patches regardless.

Microsoft also issued mitigation guidance for the latest hardware design flaws affecting Intel processors that allow so-called Microarchitectural Data Sampling (MDS) attacks.

One of the priorities this month is CVE-2019-0863, which is an elevation of privilege vulnerability in Windows that's already being exploited by attackers.

Patches for a mammoth 84 flaws were released for Adobe Acrobat and Reader on Windows and macOS, so head to APSB19-18 for details. However, it has made fixes available for these systems as patch KB4500705.
