by Paul Lilly — Wednesday, May 15, 2019
For the few of you who are still clinging to Windows XP, there is a new security update available. That's right, Microsoft has issued a rare patch for the defunct operating system, along with a few other versions of Windows, to protect against a 'wormable' exploit that could spread from infected PC to infected PC in a similar manner as WannaCry.
This is a remote code execution vulnerability (CVE-2019-0708) that is present in Remote Desktop Services (formerly known as Terminal Services). It affects older versions of Windows dating all the way back to Windows XP. Other affected versions include Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows 2008.
Microsoft says this vulnerability is "pre-authentication and requires no user interaction." That is partly what makes it so dangerous. It can spread in worm-like fashion, just like the troublesome WannaCry malware did in 2017.
"It is important that affected systems are patched as quickly as possible to prevent such a scenario from happening. In response, we are taking the unusual step of providing a security update for all customers to protect Windows platforms, including some out-of-support versions of Windows," Microsoft said.
[...continues...]