New WinXP patch to combat WannaCry-like exploit in older OS
Windows XP may be dead, but Microsoft refuses to leave it to the worms.
The company has warned users to apply a critical patch for a remote code execution vulnerability that could open older versions of Windows to attack. Common-sense caution is not enough, because the exploit can trigger even with no action taken by the user. “In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017,” Microsoft’s Simon Pope warns.
As with the nasty WannaCry, a widespread attack that locked computers and held them ransom, Microsoft is taking the rare step of issuing security patches for Windows XP and Windows Server 2003 — two “dead” out-of-support operating systems — to subdue the latest worm’s impact. Windows 7, Windows Server 2008, and Windows Server 2008 R2 also received critical updates to protect against this new security vulnerability, which targets the OS’s Remote Desktop Services.
“While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware,” Pope says “… It is important that affected systems are patched as quickly as possible to prevent [a WannaCry-like] scenario from happening.”
You can find download links for the security updates for all affected Windows operating systems here.
IDG News Service