Patch now available from the Microsoft Update Catalog

May 15, 2019 05:15 GMT

Microsoft discovered a Remote Code Execution vulnerability in Remote Desktop Services in older versions of Windows, and the company shipped an emergency update to resolve it.

Documented in CVE-2019-0708, the vulnerability is triggered during the pre-authentication stage of a Remote Desktop connection, and Microsoft says no user interaction is required.

What’s more worrying, however, is that a potential exploit is wormable, which means that it could spread from one unpatched device to another without user action, much like the WannaCry malware did.

The affected Windows versions are Windows XP, Windows Server 2003, Windows 7, and Windows Server 2008. Both Windows 8 and Windows 10 are protected.

Supported versions of Windows, like Windows 7, get this update automatically from Windows Update, while those on retired releases, as is the case with Windows XP, need to install the patch manually from the Microsoft Update Catalog.

Microsoft says it’s not aware of any exploitation of the vulnerability, although the firm warns that cybercriminals are very likely to reverse engineer the patch and develop malware that compromises unpatched computers.

Second emergency update for Windows XP

Microsoft explains that on devices where patching isn’t possible, IT admins can rely on a partial mitigation.

“There is partial mitigation on affected systems that have Network Level Authentication (NLA) enabled. The affected systems are mitigated against ‘wormable’ malware or advanced malware threats that could exploit the vulnerability, as NLA requires authentication before the vulnerability can be triggered,” Simon Pope, Director of Incident Response, Microsoft Security Response Center (MSRC), says.

“However, affected systems are still vulnerable to Remote Code Execution (RCE) exploitation if the attacker has valid credentials that can be used to successfully authenticate.”
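The partial mitigation Microsoft describes comes down to one RDP setting: requiring Network Level Authentication before a session is negotiated. The following PowerShell script is an added example, not code from the article or from Microsoft, that audits a host for the conditions described above (affected OS, RDP enabled, NLA not required) and enables NLA where it is missing. It assumes an elevated PowerShell session on a Windows 7 or Windows Server 2008-era host, that the standard Terminal Server registry values (`fDenyTSConnections`, `UserAuthentication`) apply on the build in question, and that the version-number-to-OS mapping in the comments is accurate for the releases the article lists; all three are assumptions to verify in your own environment.

```powershell
# Added example (not from the article or Microsoft): audit and enable NLA, the
# partial mitigation for CVE-2019-0708 described above. Assumes it runs elevated
# on a Windows 7 / Server 2008-era host where the standard RDP registry values
# below exist. Installing the update remains the actual fix.

$tsRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = Join-Path $tsRoot 'WinStations\RDP-Tcp'

function Get-RdpMitigationStatus {
    $os   = Get-WmiObject -Class Win32_OperatingSystem
    $deny = (Get-ItemProperty -Path $tsRoot -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    $nla  = (Get-ItemProperty -Path $rdpTcp -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        OSCaption    = $os.Caption
        OSVersion    = $os.Version
        # fDenyTSConnections = 0 means Remote Desktop connections are allowed
        RdpEnabled   = ($deny -eq 0)
        # UserAuthentication = 1 means NLA is required before a session is set up
        NlaRequired  = ($nla -eq 1)
        # Assumed mapping for the releases the article names:
        # 5.1 = Windows XP, 5.2 = Server 2003, 6.0 = Server 2008, 6.1 = Windows 7
        AffectedOS   = ($os.Version -match '^(5\.1|5\.2|6\.0|6\.1)\.')
    }
}

function Enable-RdpNla {
    # Requires administrative rights. Clients that cannot do NLA will no longer
    # be able to connect, so check your client fleet before rolling this out.
    Set-ItemProperty -Path $rdpTcp -Name UserAuthentication -Value 1 -Type DWord
}

$status = Get-RdpMitigationStatus
$status | Format-List

if ($status.AffectedOS -and $status.RdpEnabled -and -not $status.NlaRequired) {
    Write-Warning 'RDP is reachable without NLA on an affected OS. Enabling NLA now; apply the CVE-2019-0708 update as soon as possible.'
    Enable-RdpNla
    # Re-read the value so the change is confirmed rather than assumed
    Get-RdpMitigationStatus | Select-Object ComputerName, NlaRequired | Format-List
}
```

Run the script once to see the audit output, then re-run it after patching to confirm the host still has NLA required. As the quoted statement makes clear, NLA only stops unauthenticated exploitation: an attacker holding valid credentials can still reach the vulnerable code, so the audit result is a stopgap measure, not a substitute for the update.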

This is the second emergency update for Windows XP that Microsoft has released since the OS reached the end of support. Retired in April 2014, Windows XP received a similar patch in 2017 when the WannaCry malware was discovered.

Needless to say, users are recommended to patch their devices as soon as possible to block any potential exploit.