Microsoft has warned users who still run older versions of Windows about a potential security threat.
Patches vs. Potential Attack
Microsoft is urgently encouraging affected users to apply a Windows Update to protect their systems against a potentially widespread attack. The software behemoth has released patches for a critical remote code execution vulnerability in Remote Desktop Services that affects the following versions:
- Windows XP
- Windows 7
- Windows Server 2003
- Windows Server 2008 R2
- Windows Server 2008
Microsoft is taking the very unorthodox step of rolling out patches for Windows XP and Windows Server 2003, even though these operating systems have been out of support for quite some time now. Windows XP users will have to manually download the critical update from Microsoft’s online catalog.
Microsoft: On a Defensive Stance
“This vulnerability is pre-authentication and requires no user interaction,” explains Simon Pope, director of incident response at Microsoft’s Security Response Center. “In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017,” he further added.
Microsoft states that it hasn’t observed exploitation of this vulnerability. However, it warned the public that now that the patches have been released, attackers might reverse engineer them and create malware.
On a positive note, users of Windows 8 and Windows 10 aren’t affected by this vulnerability. Though Windows 10 is now more prevalent than Windows 7, there are still millions of computers running Windows 7. Microsoft therefore concluded that a potential attack could be very alarming.
WannaCry All Over Again?
Recall that the infamous WannaCry attack, carried out against unsupported Windows operating systems, was also answered with a fix for those systems. Now Microsoft has once again broken from its tradition of not providing patches to unsupported systems by acting against this new threat.
That malware used flaws in old versions of Windows to encrypt machines and demanded a $300 ransom before unlocking them. Microsoft is apparently keen to avoid another WannaCry incident, even though it says that “the best way to address this vulnerability is to upgrade to the latest version of Windows.”