2014 was Microsoft’s official timestamp for when Windows XP would stop receiving support. That was until 2017 when a patch was released to defend itself against the WannaCry ransomware situation. 2 years down the line and again it seems Microsoft have released another new patch…. But why?
Microsoft recently released patches for both Windows XP and Windows Server 2003. The reason behind this is said to be to prevent a ‘wormable vulnerability’ that has the potential to cause as much chaos as WannaCry did back in 2017 if unchecked.
On the 14th May 2019, Microsoft stated:
Today Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.
Now that I have your attention, it is important that affected systems are patched as quickly as possible to prevent such a scenario from happening. In response, we are taking the unusual step of providing a security update for all customers to protect Windows platforms, including some out-of-support versions of Windows.
If you need some advice and guidance to do with IT security, or an independent security audit please feel free to contact us directly! CLICK HERE