(May 16, 2019) - Microsoft recently announced a critical vulnerability in its Windows operating systems that is so serious the company is issuing a patch even for older, unsupported versions of Windows. The vulnerability allows remote code execution in Remote Desktop Services with no authentication at all. In fact, no user interaction of any kind is required for a malicious actor to exploit the vulnerability.
Microsoft’s Simon Pope, director of incident response at Microsoft’s Security Response Center, further described the threat to The Verge as follows: “the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.”
Windows 8 and 10 are unaffected. However, large corporate entities are reporting fevered efforts to identify and patch all of the following vulnerable operating systems:
Windows XP
Windows 7
Windows Server 2003
Windows Server 2008 R2
Windows Server 2008
Security updates for Windows XP and Windows Server 2003 are available here.
Security updates for Windows 7, Windows Server 2008 R2, and Windows Server 2008 are available here.
More information about this critical security threat (CVE-2019-0708) is available on Microsoft TechNet.