Microsoft releases fixes for unsupported versions of Windows Server
Microsoft made the rare decision to release security patches for server and desktop versions of Windows that are long out of support, so you know it’s serious.
The vulnerability (CVE-2019-0708) resides in the Remote Desktop Services component (formerly known as Terminal Services) built into all versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. CVE-2019-0708 is pre-authentication and requires no user interaction, meaning any future malware exploiting it could spread from one vulnerable machine to another.
CVE-2019-0708 affects Windows XP, Windows 7, Windows Server 2003, Windows Server 2008 R2 and Windows Server 2008. It does not impact Microsoft’s latest operating systems: Windows 8 to 10 and Windows Server 2012 to 2019 are not affected.
In the Microsoft Security Response Center blog post, Simon Pope, Director of Incident Response for MSRC, wrote: “This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, which means that any future malware exploiting this vulnerability could spread from one vulnerable computer to another in the same way that the WannaCry malware spread through the world in 2017. It is important that affected systems are patched as soon as possible to prevent such a scenario from occurring.”
He added: “Although we have not observed any exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and integrate it into their malware.”
The WannaCry ransomware spread rapidly in May 2017, using a vulnerability that was particularly prevalent among older versions of Windows. Microsoft released patches for this, but many machines in Europe and other parts of the world weren’t updated, possibly because they were running pirated versions of Windows.
All in all, it was a busy Patch Tuesday, with 16 updates targeting at least 79 security vulnerabilities in Windows and related software, and nearly a quarter of them rated critical, the most severe rating.
Nobody knows how many Windows Server 2003 and 2008 installations exist, because even IDC isn’t sure. The majority of old servers run on old hardware and perform menial tasks, such as running reports or archiving and printing, and companies simply haven’t bothered to retire them.
But since it’s not good to be the source of a worm infestation, it’s worth checking your servers to see what you have. And in my experience, there are probably a lot more Windows Server 2003 and 2008 systems out there than most people realize. I’m never surprised at IT’s ability to lose track of assets.
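One way to do that check, as an added example that is not from the article: a PowerShell inventory of domain-joined machines whose operating system is one of the affected versions, with an optional look at whether a given hotfix is installed. It assumes the ActiveDirectory RSAT module, remote WMI access to the hosts, and a KB number, which the article does not name and is left as a placeholder.

```powershell
# Added example (not from the article): list domain computers still running the
# Windows versions CVE-2019-0708 affects, so they can be patched or retired.
# Assumes the ActiveDirectory module and rights to read computer objects.
Import-Module ActiveDirectory

# PLACEHOLDER: the KB number of the fix is not given in the article; set it
# from the Microsoft advisory before relying on the Patched column.
$KB = 'KBxxxxxxx'

# Wildcards matched against the AD 'operatingSystem' attribute. The
# 'Windows Server*2008*' pattern covers both 2008 and 2008 R2, whose stored
# names differ slightly (one includes a registered-trademark symbol).
$affectedPatterns = @(
    'Windows XP*',
    'Windows 7*',
    'Windows Server*2003*',
    'Windows Server*2008*'
)

$legacy = Get-ADComputer -Filter { Enabled -eq $true } `
    -Properties OperatingSystem, OperatingSystemVersion, LastLogonDate |
  Where-Object {
      $os = $_.OperatingSystem
      ($affectedPatterns | Where-Object { $os -like $_ }).Count -gt 0
  }

$report = foreach ($c in $legacy) {
    # Hotfix query over remote WMI; unreachable or locked-down hosts are
    # reported as 'Unknown' rather than silently skipped.
    $patched = 'Unknown'
    try {
        $fix = Get-HotFix -Id $KB -ComputerName $c.DNSHostName -ErrorAction Stop
        $patched = [bool]$fix
    } catch [System.ArgumentException] {
        $patched = $false          # host answered, hotfix not present
    } catch { }                    # host unreachable, leave 'Unknown'

    [pscustomobject]@{
        Name      = $c.Name
        OS        = $c.OperatingSystem
        Build     = $c.OperatingSystemVersion
        LastLogon = $c.LastLogonDate
        Patched   = $patched
    }
}

$report | Sort-Object LastLogon -Descending | Format-Table -AutoSize
$report | Export-Csv -Path .\legacy-rds-hosts.csv -NoTypeInformation
```

Machines with a recent LastLogon and Patched equal to False or Unknown are the ones to act on first; stale entries are often the forgotten assets the article describes.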
Copyright © 2019 IDG Communications, Inc.