What just happened? Microsoft has warned that the Internet could see a potential widespread attack owing to a high-severity vulnerability found in older versions of Windows. The company has not yet observed any related exploits, but it has urged users to apply the latest security patches to avoid another WannaCry-like incident. Thankfully, Windows 8 and 10 remain unaffected by this vulnerability. Users of Windows 7 and older versions should immediately apply a critical update issued by Microsoft to fix a major security flaw in its Remote Desktop Services, formerly known as Terminal Services. Microsoft notes that the Remote Desktop Protocol itself is not susceptible, but that the vulnerability is pre-authentication and requires no user interaction.
As if a self-replicating, code-execution vulnerability wasn’t serious enough, CVE-2019-0708, as the flaw in Windows Remote Desktop Services is indexed, requires low complexity to exploit. Microsoft’s Common Vulnerability Scoring System Calculator scores that complexity as 3.9 out of 10. (To be clear, the WannaCry developers had potent exploit code written by, and later stolen from, the National Security Agency, to exploit the wormable CVE-2017-0144 and CVE-2017-0145 flaws, which had exploit complexities rated as “high.”) Ultimately, though, developing reliable exploit code for this latest Windows vulnerability will require relatively little work.
According to Microsoft:
To exploit this vulnerability, an attacker must first have gained unprivileged access to a system. This could be done through malware or a manual attack. “An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with administrator privileges. To exploit the vulnerability, an attacker must first gain unprivileged execution on a victim system.”
“This vulnerability is pre-authentication and requires no user interaction,” Simon Pope, director of incident response at the Microsoft Security Response Center, wrote in a published post that coincided with the company’s security update release. “In other words, the vulnerability is ‘wormable,’ meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.”
As with the nasty WannaCry, a widespread attack that locked computers and held them ransom, Microsoft is taking the rare step of issuing security patches for Windows XP and Windows Server 2003—two “dead” out-of-support operating systems—to subdue the latest worm’s impact. Windows 7, Windows Server 2008, and Windows Server 2008 R2 also received critical updates to protect against this new security vulnerability, which targets the OS’s Remote Desktop Services.
Windows 10 does provide stronger protection than past versions of Windows, especially if you’ve splurged on a Windows 10 Pro license. But the default security often isn’t enough in today’s hyper-connected world. A solid AV program can’t block gaping security holes like this one, but it can detect and block the more commonplace malware you might encounter during day-to-day life.
Users of Windows 7, Windows Server 2008 R2, and Windows Server 2008, all of which are still supported versions of Windows, should use Windows Update to apply the necessary security patch. Older Windows versions like Windows 2003 and XP, which Microsoft ended support for earlier this year, won’t get the fix through Windows Update, but their users can and should apply it manually.