Microsoft warns of major WannaCry-like Windows security exploit, releases XP patches

May 15, 2019

Microsoft is warning users of older versions of Windows to urgently apply a Windows Update today to protect against a potentially widespread attack.

*Editorial Note: Listen UP!! If Microsoft is providing a security patch for Windows XP in 2019, then this is very real! At a minimum, install the patch. Better yet, upgrade your computer to Windows 10.

The software giant has patched a critical remote code execution vulnerability in Remote Desktop Services that exists in Windows XP, Windows 7, and server versions like Windows Server 2003, Windows Server 2008 R2, and Windows Server 2008.

Microsoft is taking the highly unusual approach of releasing patches for Windows XP and Windows Server 2003 even though both operating systems are out of support. Windows XP users will have to manually download the update from Microsoft’s update catalog.

“This vulnerability is pre-authentication and requires no user interaction,” explains Simon Pope, director of incident response at Microsoft’s Security Response Center. “In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.”

ATTACKERS WILL LIKELY START MAKING MALWARE NOW THAT PATCHES ARE OUT

Microsoft says it hasn’t observed exploits of this vulnerability, but now that the patches are being released it’s only a matter of time before attackers reverse engineer Microsoft’s patches and create malware. Thankfully, Windows 8 and Windows 10 machines aren’t affected by this vulnerability.

While Windows 10 is now more popular than Windows 7, there are still millions of machines running Windows 7, so a potential attack could be very troublesome.

Microsoft previously broke from its tradition of not supplying patches for out-of-support Windows operating systems when thousands of computers in more than 100 countries were affected by malware known as WannaCry.

The malware used flaws in old versions of Windows to encrypt computers and demand a $300 ransom before unlocking them. Microsoft is clearly keen to avoid another WannaCry, even though it says “the best way to address this vulnerability is to upgrade to the latest version of Windows.”
