Microsoft has warned users who still run older versions of Windows of a potential security threat.
Patches vs. Potential Attack
Microsoft is urgently encouraging affected users to apply a
Windows Update to protect their systems against a potentially widespread
attack. The software behemoth has released fixes for a critical Remote
Code Execution vulnerability in Remote Desktop Services that affects the following versions:
- Windows XP
- Windows 7
- Windows Server 2003
- Windows Server 2008 R2
- Windows Server 2008
Microsoft is taking the very unorthodox approach of
rolling out patches for Windows XP and Windows Server 2003, even though these
operating systems have been out of support for quite some time now.
Windows XP users will have to manually download the critical update from
Microsoft: On a Defensive Stance
“This vulnerability is pre-authentication and requires no
user interaction,” explains
Simon Pope, director of incident response at Microsoft’s Security Response
Center. “In other words, the vulnerability is ‘wormable’, meaning that any
future malware that exploits this vulnerability could propagate from vulnerable
computer to vulnerable computer in a similar way as the WannaCry malware spread
across the globe in 2017,” he further added.
Microsoft states that it hasn’t observed exploitation of this
vulnerability. However, it warned the public that, now that the patches have been
released, attackers might reverse engineer Microsoft’s patches and create
On a positive note, users of Windows 8 and Windows 10 aren’t
affected by this vulnerability. Though Windows 10 is now more prevalent than
Windows 7, there are still millions of computers running on Windows 7.
Microsoft, therefore, deduced that a potential attack could be very alarming.
WannaCry All Over Again?
We remember that the infamous WannaCry
attack, carried out against unsupported Windows operating systems, was
also answered with a fix. Now Microsoft has once again broken from its
tradition of not providing patches to unsupported systems by acting against
this new threat.
The WannaCry malware exploited flaws in old versions of Windows to
encrypt machines and demand a $300 ransom before unlocking them. Microsoft is
apparently keen to avoid another WannaCry incident, even though it says that
“the best way to address this vulnerability is to upgrade to the latest version