Date: 16/05/19

Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003

Microsoft is taking the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003, citing the discovery of a “wormable” flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017.
 
The vulnerability (CVE-2019-0708) resides in the “remote desktop services” component built into supported versions of Windows, including Windows 7, Windows Server 2008 R2, and Windows Server 2008. It also is present in computers powered by Windows XP and Windows 2003, operating systems for which Microsoft long ago stopped shipping security updates.
 
Microsoft said the company has not yet observed any evidence of attacks against the dangerous security flaw, but that it is trying to head off a serious and imminent threat.
 
“While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware,” wrote Simon Pope, director of incident response for the Microsoft Security Response Center.
 
“This vulnerability is pre-authentication and requires no user interaction,” Pope said. “In other words, the vulnerability is ‘wormable,’ meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. It is important that affected systems are patched as quickly as possible to prevent such a scenario from happening.”
 
The WannaCry ransomware threat spread quickly across the world in May 2017 using a vulnerability that was particularly prevalent among systems running Windows XP and older versions of Windows. Microsoft had already released a patch for the flaw, but many older and vulnerable OSes were never updated. Europol estimated at the time that WannaCry spread to some 200,000 computers across 150 countries.
 
CVE-2019-0708 does not affect Microsoft’s latest operating systems — Windows 10, Windows 8.1, Windows 8, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, or Windows Server 2012.






©ictnews.az. All rights reserved.
