Microsoft has taken steps to release security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003. The company took this move as a part of its May 14 Patch Tuesday, due to the discovery of a “wormable” flaw that could be a major threat similar to the WannaCry ransomware attacks of 2017.
The WannaCry ransomware threat was quick to spread across the world in May 2017 due to a vulnerability that was prevalent among systems running Windows XP and older versions of Windows.
CVE-2019-0708, remote desktop services vulnerability
The CVE-2019-0708 vulnerability is in remote desktop services into supported versions of Windows, including Windows 7, Windows Server 2008 R2, and Windows Server 2008. It is present in computers powered by Windows XP and Windows 2003.
To attack the system, an unauthenticated attacker connects to the target system using Remote Desktop Protocol (RDP) and then sends specially crafted requests. This security update now corrects how Remote Desktop Services handles connection requests.
Though the vulnerability CVE-2019-0708 does not affect Microsoft’s latest operating systems, including, Windows 10, Windows 8, Windows 8.1, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, or Windows Server 2012.
The company hasn’t observed any evidence of attacks against this security flaw, but it might head off a serious and imminent threat.
Simon Pope, director of incident response for the Microsoft Security Response Center said, “This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable,’ meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. It is important that affected systems are patched as quickly as possible to prevent such a scenario from happening.”
CVE-2019-0863, zero-day vulnerability
One of the security updates fixed a zero-day vulnerability, (CVE-2019-0863) in the Windows Error Reporting Service. An attacker who can successfully exploit this vulnerability can run arbitrary code in kernel mode.The attacker can then install programs; change, view, or delete data; or create new accounts with administrator privileges.
An attacker has to gain unprivileged execution on the victim’s system in order to exploit the vulnerability. Microsoft’s security update addresses this vulnerability by correcting the way WER (Windows Error Reporting) handles files.
According to Chris Goettl, director of product management for security vendor Ivanti, this vulnerability has already been seen in targeted attacks.
Microsoft Office and Office365, Sharepoint, .NET Framework and SQL server are some of the other Microsoft products that received patches.
To know more about this news, check out Microsoft’s page.