Microsoft Finds Major Bug in Older Windows, Releases Emergency Windows XP Update

[silversurfer]

Microsoft discovered a Remote Code Execution vulnerability in Remote Desktop Services in older versions of Windows, and the company shipped an emergency update to resolve it.
 
Documented in CVE-2019-0708, the vulnerability happens in the pre-authentication stage, and Microsoft says user interaction isn’t even required.
What’s more worrying, however, is that a potential exploit is wormable, which means that it can spread from one device to another, much like WannaCry malware.
 
The affected Windows versions are Windows XP, Windows Server 2003, Windows 7, and Windows Server 2008. Both Windows 8 and Windows 10 are protected.
Supported versions of Windows, like Windows 7, get this update automatically from Windows Update, while those on retired releases, as it’s the case of Windows XP, need to install the patch manually from the Microsoft Update Catalog.
 
Microsoft says it’s not aware of any exploitations of the vulnerability, albeit the firm warns that cybercriminals are very likely to reverse engineer the patch and develop malware that compromise unpatched computers.

SOURCE: https://news.softpedia.com/news/microsof...6033.shtml