Microsoft’s warning users of older versions of Windows to urgently apply a Windows Update today to protect against a potential widespread attack. The company has released another Windows XP patch for a critical remote code execution vulnerability in Remote Desktop Services. It exists in Windows XP, Windows 7, and server versions like Windows Server 2003, Windows Server 2008 R2, and Windows Server 2008. The only versions missing is Windows Me, 98SE, and Windows 95.
Microsoft is taking the highly unusual approach of releasing patches for Windows XP and Windows Server 2003 even though both operating systems are out of support. Windows XP users will have to manually download the update from Microsoft’s update catalog.
“This vulnerability is pre-authentication and requires no user interaction,” explains Simon Pope, director of incident response at Microsoft’s Security Response Center. “In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.”
Microsoft says it hasn’t observed exploits of this vulnerability, but now that the patches are being released it’s only a matter of time before attackers reverse engineer Microsoft’s patches and create malware. In essence, no one has discovered it yet, but now that it’s out in the open – it’s only a matter of time.
Windows 8 and 10 machines aren’t affected by this vulnerability. While Windows 10 is now more popular than Windows 7, there are still millions of machines running Windows 7. If you’re still running Windows 7, you are certainly asking for it.
This is only the second time Microsoft offered a patch after ending support for older versions of Windows. It is important to upgrade your operating system, especially if you’re using Windows XP. While it is a near perfect OS, there is no way you can run anything on it. It is time to let go and have Microsoft stop running Windows XP patch.