Microsoft issued a patch Tuesday to fix a “critical” vulnerability in Remote Desktop Services. A vulnerability of this severity hasn’t been seen since WannaCry infected 230,000 computers in 150 countries two years ago.
The patch covers Windows XP, Windows 2003, Windows 7, Windows Server 2008 R2 and Windows Server 2008. Users running Windows 8 and Windows 10 are not affected.
This vulnerability requires no user interaction. It’s described by Microsoft director of incident response Simon Pope as “wormable,” meaning that any future malware that exploits this vulnerability could propagate from one computer to another the way WannaCry proliferated globally in 2017.
“While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware,” Pope wrote in his blog. Pope stressed that systems should be patched “as quickly as possible.”
Downloads for in-support versions of Windows can be acquired in the Microsoft Security Update Guide. Those who have automatic updates enabled on their in-support version of Windows are protected.
Microsoft advises users running the out-of-support systems Windows 2003 and Windows XP to upgrade to the most recent version of Windows. It is making fixes available for these versions in KB4500705. Here are the download links for Windows 7, Windows 2008 R2 and Windows 2008.
To discuss security strategy, contact Security Analyst Frank Verdecchia at firstname.lastname@example.org.