Sci-tech

Critical wormhole brings patches for Windows XP and Server 2003

Critical wormhole brings patches for Windows XP and Server 2003”

The flaw, which Microsoft described as "critical", enables an attacker to execute arbitrary code on the target system.

About 34 percent of Windows desktop computers are running Windows 7, which was released in 2009, according to StatCounter. Normally, you need to provide a username and password to access a machine over Remote Desktop Services.

A newly discovered vulnerability in the commonly used Remote Desktop Services (RDS) that can be abused to create worms or self-spreading malware has prompted Microsoft to create security patches for the obsolete Windows XP and Server 2003 operating systems.

Out-of-support operating systems such as Windows XP and Windows 2003 are also affected by the critical CVE-2019-0708 flaw, with users of these Windows versions having to either upgrade to newer releases or to apply the security updates available via KB4500705.

"We are taking the unusual step of providing a security update for all customers to protect Windows platforms, including some out-of-support versions of Windows", the Microsoft Security Response Team wrote in a blog posting today. The vulnerability allows remote code execution with no user involvement or any authentication required, making it a gift to scum looking to spread malware.

It's not generally available yet, but Microsoft has already issued the second quality update for Windows 10 version 1903.

This vulnerability is pre-authentication and requires no user interaction.

Microsoft said the company has not yet observed any evidence of attacks against the risky security flaw, but that it is trying to head off a serious and imminent threat.

"The vulnerability is "wormable", meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017", the advisory states, referring to the Windows nasty that used stolen NSA exploits to hijack boxes.

Microsoft has claimed that it has, as yet, "observed no exploitation of this vulnerability, [but] it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware". "It is for these reasons that we strongly advise that all affected systems - irrespective of whether NLA is enabled or not - should be updated as soon as possible", Pope said.

Windows 7 and its server-based siblings naturally get patches for this, since those operating systems are officially supported until January 2020.

More information on how to download and deploy the update for CVE-2019-0708 is here.



Like this

loading...
loading...

Latest


15 May 2019
Justin Thomas withdraws from PGA Championship with wrist injury
Woods was battling a career-threatening back injury at the time and did not qualify for the United States team. He will be the first player to ride in a cart at a major championship since Casey Martin in the U.S.

15 May 2019
Stocks Slump, Treasuries Up as Trade Clouds Darken: Markets Wrap
The president also ordered tariffs to be raised on all remaining USA imports from China, which are valued at around $300 billion. Kansas City Fed President Esther George and Richmond Fed President Thomas Barkin make appearances.

15 May 2019
Organisers reveal Madonna's Eurovision performance is not yet confirmed
This year's contest is being held in Israel after the country's entry - Netta's song Toy - won the 2018 edition. There remains some confusion over whether Madonna will actually take the stage.

15 May 2019
Sooners earn top seed in NCAA softball tourney
The Wildcats are a No 14 seed and will open the tourney following the Illinois-Virginia Tech contest in the opener at noon. The initial games will be broadcasted LIVE on ESPN3 before later games are designated to its respective ESPN platforms.

15 May 2019
United States 'blames Iran' for damage to tankers in Gulf of Oman
Saudi Arabia's energy minister said on Monday that the attack aimed to undermine security of global crude supplies. Gulf officials have characterised the damage to the tankers as a sabotage.

15 May 2019
Kang claims AT&T Byron Nelson for first PGA Tour win
Kang finished his third round earlier on Sunday with a three-under 68 to enter the final 18 holes with a three-shot lead. Koepka has four consecutive birdies late in his second round, then started Saturday with birdies on the first two holes.

15 May 2019
Strong 6.1 magnitude quake hits Panama
The EMSC reported the quake as happening at a depth of 12km below the earth's surface, while the USGS put the depth at 37 km. Five people were injured in the first quake, which hit 22 km from the town of Puerto Armuelles, said Sinaproc.

15 May 2019
Markets calm amid hopes for US-China talks
For months, as American and Chinese officials faced off at the negotiating table, China's media downplayed the trade tensions. Trump said Monday he Xi would meet during the Group of 20 meeting of major economies on June 28 and 29 in Osaka, Japan.

15 May 2019
Jennifer Lawrence and Cooke Maroney's engagement party: Details
Before meeting the hunk, Jennifer dated 50-year-old filmmaker Darren Aronofsky between 2016 and 2017. Apparently it was a case of love at first sight - and now we're ready for a Hollywood wedding!

15 May 2019
Antoine Griezmann to leave Atletico Madrid
"@AntoGriezmann He has informed the club that he will not continue as rojiblanco next season", a tweet read. I just put the camera there to see how hard it is.