Microsoft has asked users of the following Windows versions to urgently apply an update which is available today to protect against a potential widespread exploit:
- Windows XP — users of Windows XP will need to manually download the update from Microsoft’s update catalog
- Windows 7
- Windows Server 2003
- Windows Server 2008R2
- Windows Server 2008
Patches can be found on Microsoft’s Customer Guidance for CVE-2019-0708 web page.
Please note that Windows versions 10, 8.1 and 8, as well as Windows Server 2019, Windows Server 2016, Windows Server 2012R2 and Windows Server 2012 are not impacted by this vulnerability.
Although Microsoft has not yet observed attacks, they have described this vulnerability as “wormable” meaning that malware exploiting this vulnerability has the ability to propagate from vulnerable system to vulnerable system in a similar fashion to the WannaCry ransomware attack in 2017, which also targeted older Windows versions. Notably, the patch to prevent WannaCry was released by Microsoft before the attacks began, but it nevertheless remains an active exploit.
Technical Details:
The vulnerability, identified as CVE-2019-0708, is a Remote Desktop Services (“RDS”) (formerly known as Terminal Services) remote execution vulnerability which requires no user interaction and would allow an unauthenticated malicious actor to execute arbitrary code on an affected system via Remote Desktop Protocol (“RDP”). An update will mitigate the vulnerability by correcting how RDS handles connection requests.