Microsoft Patches Critical WannaCry-like Vulnerability, Including Legacy XP and Windows Server 2003
May 15th, 2019
Today Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services (formerly known as Terminal Services) that exists in Windows XP, Windows 7, and server versions like Windows Server 2003, Windows Server 2008 R2, and Windows Server 2008. Newer versions of Windows i.e. Windows 8 and Windows 10 are not affected by the vulnerability because of the strengthened security built into the latest Windows releases.
As a testament to its potential for havoc, Microsoft is taking the unusual step of releasing patches for Windows XP and Windows Server 2003 even though both operating systems are out of support. The reason Microsoft has included these unsupported OS is to prevent a wormable vulnerability that could — if unchecked — wreak havoc in the same way that WannaCry did.
The Remote Desktop Protocol (RDP) itself is not vulnerable. “This vulnerability is pre-authentication and requires no user interaction.” Simon Pope, director of incident response at the Microsoft Security Response Center, wrote in a published post that coincided with the company’s May Update Tuesday release. “In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.”
An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
While no exploitation of this vulnerability has been identified, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware imminently. It is vital that all affected systems are patched as quickly as possible to prevent such a scenario from happening. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests. However, the smarter long-term move is to upgrade to Windows 8 or 10 in the near future.
Microsoft credited the UK’s National Cyber Security Centre for privately reporting the vulnerability.
Check Out Our Other Recent P
Intentional or not, insider threats are on the rise. Don’t take the chance; gain a better understanding in our cyber security infographic.
Locking the Door Is No Longer Enough: Required Capabilities for Identity and Access Threat Prevention
In this blog, we will define the key requirements and capabilities of IATP solutions and the drivers they should support within an organisation.
Malicious actors continue to exploit Remote Desktop Protocol (RDP) to gain access to the target computers. Mitigate your exposure now.