Microsoft announce CRITICAL security update to prevent “another WannaCry” attack

Microsoft has announced the discovery of a serious vulnerability affecting older versions of Windows and urged their customers to update their computers straight away.

You know a vulnerability is pretty serious when Microsoft offer their Windows XP users a patch. XP – which hasn’t been officially supported for years – has had only a handful of security patches made available for it since its support life-cycle expired, most notably during the 2017 WannaCry ransomware attacks that crippled thousands of networks worldwide.

This week, another patch has been made available to XP users (as well as Windows 2003 and Windows 7 users) after a vulnerability was discovered that – according to Microsoft – had the potential to be exploited in another global WannaCry-style attack.

That means the vulnerability could allow cyber-crooks to spread their malware from computer to computer without any human interaction whatsoever, i.e. as a computer worm. Additionally, the vulnerability could potentially give crooks full access to infected devices, including the ability to modify and delete files, or create full-privilege admin accounts.

Basically, vulnerabilities don’t get worse than that.

Simon Pope, Director of Incident Response at Microsoft said this in a statement –

“This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.”

The vulnerability is a flaw in the Remote Desktop Services feature that comes with Windows operating systems.

Users of Windows 8 or 10 are not affected by this vulnerability.

Affected versions of Windows are Windows XP and Windows Server 2003 (both officially unsupported) and Windows 7, Windows Server 2008 R2 and Windows Server 2008.

Microsoft has said that it has not seen anyone exploiting this vulnerability yet. However, this may soon change. Why? Because now that a security patch has been issued to fix the flaw, it is likely that cyber-crooks will take that patch and reverse engineer it in order to determine what vulnerability it was fixing.

The 2017 WannaCry attacks demonstrated that far too many people and businesses are still using out-of-support operating systems such as Windows XP. It is likely that in 2019 not much has changed. And while Microsoft would no doubt like to completely wash their hands of XP, given that so many people out there are still using it, the risk of another global worm-like attack is too great, and so another security patch for XP is available.

So if you run an affected version of Windows, get the update. If automatic updates are on, you should have installed the update during Patch Tuesday. If you delay updates or install them manually, you can get the update from here if you’re using supported software (like Windows 7) or here if you’re using out-of-support Windows (like XP).

And while you’re here – if you are running Windows XP, this is yet another reminder to please, please update.

Microsoft credited the UK’s National Cyber Security Centre for privately reporting the vulnerability.