Microsoft Patches 'Wormable' Flaw in Windows XP, 7 and Windows 2003


About 34 percent of Windows desktop computers are running Windows 7, which was released in 2009, according to StatCounter. Attackers exploiting the vulnerability can run arbitrary code in kernel mode, allowing them to install programs, access, modify and delete data and make new accounts with Administrator privileges.

A newly discovered vulnerability in the commonly used Remote Desktop Services (RDS) that can be abused to create worms or self-spreading malware has prompted Microsoft to create security patches for the obsolete Windows XP and Server 2003 operating systems. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests. An estimated 3 million Remote Desktop Protocol endpoints are now exposed to the internet, according to security researcher Kevin Beaumont, citing data from device search engine Shodan. The company is also backporting a patch for this vulnerability to versions that are no longer supported, such as Windows 2003 and XP.

"Customers who use an in-support version of Windows and have automatic updates enabled are automatically protected", says Microsoft.

Specifically, this vulnerability is "wormable": it can propagate from one vulnerable PC to another without user interaction.


The WannaCry ransomware threat spread quickly across the world in May 2017 using a vulnerability that was particularly prevalent among systems running Windows XP and older versions of Windows. "This is a more secure authentication method that can help protect the remote computer from malicious users and malicious software".

"While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware", wrote Simon Pope, director of incident response for the Microsoft Security Response Center.

Partial mitigation against the RDS vulnerability is possible with network-level authentication (NLA). "It is for these reasons that we strongly advise that all affected systems - irrespective of whether NLA is enabled or not - should be updated as soon as possible", Pope said. The latter, CVE-2019-0725, is a particularly nasty memory corruption vulnerability, since all that is needed to exploit it is a well-crafted packet sent to a DHCP server, and it affects all currently supported versions of Windows, client and server. More information can be found on our blog and the Security Update Guide.
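To see where a given machine stands on the NLA mitigation described above, the following read-only check reports whether RDP is enabled and whether NLA is required. It is an added example, not code from Microsoft or from the article; the function names are hypothetical, and it assumes the standard Terminal Server registry locations, with Group Policy values taking precedence when present.

```powershell
# Added example: report whether this host accepts RDP connections and whether
# Network Level Authentication (NLA) is required. Read-only; changes nothing.
# Written for PowerShell 2.0+ so it also runs on Windows 7 / Server 2008 R2.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null instead of throwing when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { return $item.$Name }
    return $null
}

function Get-RdpNlaStatus {
    $local  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp    = "$local\WinStations\RDP-Tcp"
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    # Assumption: Group Policy values, when present, override local settings.
    $deny = Get-RegValue $policy 'fDenyTSConnections'
    if ($null -eq $deny) { $deny = Get-RegValue $local 'fDenyTSConnections' }
    $nla = Get-RegValue $policy 'UserAuthentication'
    if ($null -eq $nla) { $nla = Get-RegValue $tcp 'UserAuthentication' }
    $port = Get-RegValue $tcp 'PortNumber'

    $rdpEnabled  = ($deny -eq 0)   # 0 = remote connections allowed
    $nlaRequired = ($nla -eq 1)    # 1 = NLA required before a session is set up

    # NLA is only a partial mitigation, so every outcome still calls for the update.
    if (-not $rdpEnabled) { $note = 'RDP disabled; still install the update.' }
    elseif ($nlaRequired) { $note = 'NLA required: partial mitigation only; install the update.' }
    else                  { $note = 'RDP enabled without NLA: enable NLA and install the update.' }

    New-Object PSObject -Property @{
        Computer    = $env:COMPUTERNAME
        OS          = (Get-WmiObject Win32_OperatingSystem).Caption
        RdpEnabled  = $rdpEnabled
        NlaRequired = $nlaRequired
        Port        = $port
        Note        = $note
    }
}

Get-RdpNlaStatus | Format-List Computer, OS, RdpEnabled, NlaRequired, Port, Note
```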
