What just happened? Microsoft has warned that the Internet could see a potential widespread attack owing to a high-severity vulnerability found in older versions of Windows. No related exploits have been observed by the company yet but it has urged users to apply the latest security patches to avoid another WannaCry-like incident. Thankfully, Windows 8 and 10 remain unaffected by this vulnerability.
Users of Windows 7 and older versions should immediately apply a critical update issued by Microsoft to fix a major security flaw in its Remote Desktop Services, formerly known as Terminal Services. According to the company, the Remote Desktop Protocol itself is not susceptible, but the vulnerability is pre-authentication and requires no user interaction.
"In other words, the vulnerability is 'wormable', meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017," Simon Pope, director of incident response at the Microsoft Security Response Center, wrote in a blog post.
Windows 10 and 8 remain unaffected by this issue as "Microsoft invests heavily in strengthening the security of its products, often through major architectural improvements that are not possible to backport to earlier versions of Windows." Machines running Windows 7, Windows Server 2008 R2, and Windows Server 2008 are vulnerable; these are in-support systems, and patches for them can be found in the Microsoft Security Update Guide.
For out-of-support systems, including Windows Server 2003 and Windows XP, Microsoft recommends upgrading to the latest version of Windows as the best way to address this vulnerability. However, the company did provide fixes in KB4500705, which users will have to apply manually. Considering that millions of devices around the world, including many ATMs, still use XP, a fix was indeed critical, and what remains now is applying it.
The vulnerability was privately reported to Microsoft by the UK's National Cyber Security Centre. It is considered high-severity and is of low complexity to exploit.