In the Spotlight This Week
Microsoft has patched a “wormable” vulnerability (CVE-2019-0708) in typically unsupported Windows operating systems, including Windows XP and Windows 2003. The out of the ordinary patch highlights the severity of the flaw, and Microsoft warns that this flaw could be used to propagate a major malware threat.“This vulnerability is pre-authentication and requires no user interaction,” said Simon Pope, director of incident reponse for the Microsoft Security Response Center. “In other words, the vulnerability is ‘wormable,’ meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. It is important that affected systems are patched as quickly as possible to prevent such a scenario from happening.”
CVE-2019-0708 does not affect Microsoft’s latest operating systems: Windows 10, Windows 8.1, Windows 8, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, or Windows Server 2012.
For more information:
Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003
CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability
Prevent a worm by updating Remote Desktop Services (CVE-2019-0708)
Microsoft Fixes Critical Remote Desktop Flaw, Blocks Worm Malware