Still on Windows XP? Update Manually or Get Wormed

@ 2019/05/15
Microsoft just patched a remote code execution hole in Windows XP with a critical update—over five years after it left mainstream support. However, Windows Update won’t automatically install it. You’ll have to manually download and install it from Microsoft’s website.

As Microsoft’s Security Response Center explains, this patch fixes a “wormable” vulnerability in Remote Desktop Service in Windows XP, Windows Server 2003, Windows 7, and Windows Server 2008:

“The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.”

Microsoft took the unexpected step of issuing a critical security patch for Windows XP (and Windows Server 2003) more than five years after Microsoft ended mainstream support. That’s how huge this bug is.
