CVE-2019-0708



Microsoft provide security patches for Windows XP to Server 2008 to avoid another WannaCry indecent

Microsoft has released a bundle of security fixes for this weeks Patch Tuesday, however the most noticeable is one for out-of-support operating systems Windows XP and Server 2003.

Because of the seriousness of the critical flaw (assigned CVE-2019-0708) in Remote Desktop Services. The vulnerability allows remote code execution with no user involvement or any authentication required, making it ripe for exploitation via malware.

The vulnerability is ‘wormable’, meaning that malware could propagate from vulnerable computer to vulnerable computer in a similar way to WannaCry did in 2017

Microsoft commented that “While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware. It is important that affected systems are patched as quickly as possible to prevent such a scenario from happening. In response, we are taking the unusual step of providing a security update for all customers to protect Windows platforms, including some out-of-support versions of Windows.”

Affected operating system include: Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, and Windows XP.

Comment!

Leave a Reply

Your email address will not be published. Required fields are marked *