A newly discovered vulnerability in the commonly used Remote Desktop Services (RDS) that can be abused to create worms or self-spreading malware has prompted Microsoft to create security patches for the obsolete Windows XP and Server 2003 operating systems.
CVE-2019-0708 allows someone sending specially crafted packets to Windows Server's Remote Desktop Services system to run code on it, even if they are not authenticated on the system.
Microsoft mentions that some older Windows OSes will have partial mitigation against the vulnerability if they have Network Level Authentication (NLA) enabled, as NLA requires authentication before the vulnerability can be triggered.More news: Pompeo to Lavrov: Trump Administration doesn't recognize Russia's attempted annexation of Crimea
There is now no indication that the flaw is already being exploited, but Microsoft said it is "highly likely" that malicious actors will soon write an exploit to incorporate it into malware.
Microsoft said the vulnerability is "wormable", which means attackers could use it to spread malware across devices in a similar manner to the way WannaCry spread in 2017. "It is critically important for organizations and system administrators to apply patches as soon as possible to reduce their risk of compromise". "In response, we are taking the unusual step of providing a security update for all customers to protect Windows platforms, including some out-of-support versions of Windows".
Windows XP and Windows 2003 systems are out of support, and being so aged Microsoft strongly recommends users update to a newer OS.
"Customers running Windows 8 and Windows 10 are not affected by this vulnerability, and it is no coincidence that later versions of Windows are unaffected".More news: LIVE WITH KELLY AND RYAN Announces Return of AMERICAN IDOL ENCORE
The remaining 18 critical flaws are for scripting engines and browsers, and while all should be patched there's no evidence as yet that any are being exploited in the wild.
That flaw, spotted by researchers at NCC Group, is a logic vulnerability that can be exploited to gain "remote access to a host's storage via Edge, Internet Explorer, Firefox and Chrome on Microsoft Windows by a malicious Citrix server".
Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling, for 64-Bit (x64) versions of Windows (CVE-2019-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130).More news: Trump still confident of striking deal with China
- Rafa Benitez Emerges As Favourite For Celtic Job
- IRAN: British Council worker jailed for spying for UK
- Crowned by Burger King, meat replacement company Impossible Foods raises $300 million
- Sri Lanka clashes kill one; imposes nationwide curfew after mosques attacked
- MPs To Vote On Theresa May's Brexit Vote AGAIN Next Month
- Guardiola beats Klopp to manager of the year award
- GAME OF THRONES' Creators' STAR WARS Film To Follow Skywalker Saga
- Third of Scottish adults anxious over body image, report finds
- Red Dead Redemption 2 Has Shipped Over 24 Million Copies Worldwide
- Championship play-offs: Aston Villa pip West Brom to final spot