Months after warning users against using Internet Explorer browser, Microsoft is now alerting users of older versions of Windows to update their system to avoid a potential attack. The exploit is touted to trigger even without an action and has the severity of the WannaCry ransomware bug from two years ago which haunted PCs worldwide.
Microsoft is taking a rare but necessary step of issuing security patches for Windows XP and Windows Server 2003 to solve the wormable vulnerability which could spread from one vulnerable computer to another vulnerable computer with ease. The company has also sent out patches to Windows 7, Windows Server 2008, and Windows Server 2008 R2 to protect against that newly reported vulnerability.
Microsoft said a remote code execution vulnerability exists in Remote Desktop Services when “an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests”. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system.
The vulnerability could thus allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights; allowing him to access anything on a user’s PC.
Fortunately, Windows 10 and Windows 8 systems aren’t affected by this vulnerability, though Microsoft’s biggest issue came with Windows 7 which is still running in several machines across the globe. Microsoft is thus attempting to avoid another case of the WannaCry exploit which wreaked havoc across 150 countries with more than 200,000 computers infected back in 2017.