Posted on 05/20/2019 5:30:49 PM PDT by dayglored
[dayglored's note: This is direct from the horse's mouth, Microsoft Technet. It's a bad one, like the WannaCry malware from a couple years ago.]
Today [May 14] Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services formerly known as Terminal Services that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is wormable, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.
Now that I have your attention, it is important that affected systems are patched as quickly as possible to prevent such a scenario from happening. In response, we are taking the unusual step of providing a security update for all customers to protect Windows platforms, including some out-of-support versions of Windows.
Vulnerable in-support systems include Windows 7, Windows Server 2008 R2, and Windows Server 2008. Downloads for in-support versions of Windows can be found in the Microsoft Security Update Guide. Customers who use an in-support version of Windows and have automatic updates enabled are automatically protected.
Out-of-support systems include Windows 2003 and Windows XP. If you are on an out-of-support version, the best way to address this vulnerability is to upgrade to the latest version of Windows. Even so, we are making fixes available for these out-of-support versions of Windows in KB4500705.
Customers running Windows 8 and Windows 10 are not affected by this vulnerability, and it is no coincidence that later versions of Windows are unaffected. Microsoft invests heavily in strengthening the security of its products, often through major architectural improvements that are not possible to backport to earlier versions of Windows.
There is partial mitigation on affected systems that have Network Level Authentication (NLA) enabled. The affected systems are mitigated against wormable malware or advanced malware threats that could exploit the vulnerability, as NLA requires authentication before the vulnerability can be triggered. However, affected systems are still vulnerable to Remote Code Execution (RCE) exploitation if the attacker has valid credentials that can be used to successfully authenticate.
It is for these reasons that we strongly advise that all affected systems irrespective of whether NLA is enabled or not should be updated as soon as possible.
Resources
Links to downloads for Windows 7, Windows 2008 R2, and Windows 2008
Links to downloads for Windows 2003 and Windows XP
Simon Pope, Director of Incident Response, Microsoft Security Response Center (MSRC)
The vulnerability affects Windows 7 and earlier, and Windows Server 2008R2 and earlier.
Quick, transform to Linux....
Should I update my XP VMs?
Windows 8, 8.1, and 10, and Server 2012, 2016, 2019 are not affected by this worm.
Yes, if you have them connected to anything else. Note that this vulnerability is in the Remote Desktop service, so if you're not using Remote Desktop Connection, you're okay, but most people do have it enabled.
Or Windows 10, which doesn't have this particular vulnerability. :-)
The cynic in me asks if this isn’t a back door approach for MS to degrade the performance of legacy OS’s.
Windows 10 —> Hardware Upgrade, purge no longer supported old stuff.
So, I hope w Win. 10 I am safe from this.
Thanks, I’ll have to go review and make sure that that feature[bug?] is Kilt.
Whatta bout VNC?
My Geek Squad guy looked it up for me and said you’re fine with Window 10 (But apparently you do for W7 and XP).
Don’t know why that can’t be in the Headline - make it easier for folks.
Why does it say?
Security Vulnerability
Published: 05/14/2019
Correct, Win10 is safe from this one.
I couldn't fit it into the headline, so I put it in my #1 comment.
VNC is a totally different protocol, different service. Unaffected by this; AFAIK the concern is just RDP.
Yep, Win10 is unaffected by this one.
Nah, highly unlikely it's intentional.
HOWEVER, it is certainly a reminder that running older releases of Windows is even more risky than running recent releases of Windows.
Microsoft REALLY, REALLY, REALLY wants you to migrate to Windows 10.
REALLY.
I think I’m safe with my Win98. It cant even hold the update file its memory is so small !!
Since 2000, I’ve disabled Remote Desktop Connections after every new installation of Windows. Call me paranoid, lol.
Wow. Well, yeah, in this particular regard.
But I certainly hope you're not using Win98 to access the internet.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.