Microsoft has warned that a computer bug it has now patched could be used by a cyber weapon similar to the WannaCry worm, which spread across the globe two years ago. The software giant took the unusual step of backporting the just-released patch for Windows 2003 and XP, which haven’t been supported in four and five years, respectively.
“Today Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows,” the company said in a blog post.
The Remote Desktop Protocol (RDP) itself is not vulnerable, Microsoft says, and customers running Windows 8 and Windows 10 are not affected.
“This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.
“There is partial mitigation on affected systems that have Network Level Authentication (NLA) enabled. The affected systems are mitigated against ‘wormable’ malware or advanced malware threats that could exploit the vulnerability, as NLA requires authentication before the vulnerability can be triggered. However, affected systems are still vulnerable to Remote Code Execution (RCE) exploitation if the attacker has valid credentials that can be used to successfully authenticate.”