Microsoft Pushes Rare Windows XP Patch For WannaCry-Style Wormable Exploit
For the few of you who are still clinging to Windows XP, there is a new security update available. That's right, Microsoft has issued a rare patch for the defunct operating system, along with a few other versions of Windows, to protect against a 'wormable' exploit that could spread from infected PC to infected PC in a manner similar to WannaCry.
This is a remote code execution vulnerability (CVE-2019-0708) that is present in Remote Desktop Services (formerly known as Terminal Services). It affects older versions of Windows dating all the way back to Windows XP. Other affected versions include Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows 2008.
Microsoft says this vulnerability is "pre-authentication and requires no user interaction." That is partly what makes it so dangerous. It can spread in worm-like fashion, just like the troublesome WannaCry malware did in 2017.
"It is important that affected systems are patched as quickly as possible to prevent such a scenario from happening. In response, we are taking the unusual step of providing a security update for all customers to protect Windows platforms, including some out-of-support versions of Windows," Microsoft said.
Microsoft also said that it has not observed this vulnerability being exploited in the wild; however, "it is highly likely that malicious actors will write an exploit" for it and incorporate it into their malware. That is why Microsoft has taken the unusual step of patching older versions of Windows.
Of course, Microsoft would prefer it if users upgraded to Windows 10. Neither it nor Windows 8/8.1 is affected by this vulnerability, which prompted Microsoft to pat itself on the back.
"It is no coincidence that later versions of Windows are unaffected. Microsoft invests heavily in strengthening the security of its products, often through major architectural improvements that are not possible to backport to earlier versions of Windows," Microsoft added.
While that's obviously a self-serving statement, Microsoft has a point. WannaCry was a particularly nasty strain of malware that was able to quickly spread to PCs across the globe, infecting hundreds of thousands of computers in short order. It was a stroke of luck that someone discovered a so-called kill switch early on, or else WannaCry could have been a much bigger headache than it already was.
At this point, Windows XP accounts for less than 4 percent of all Windows machines, according to Net Applications. However, Windows 7, which is also affected by this, accounts for 39 percent, the same as Windows 10. Combined, there are more Windows 7 and Windows XP machines than there are Windows 10 machines.