
Microsoft patches major vulnerability in Windows 7 and XP to prevent another WannaCry-like...

By Humza · 8 replies
May 15, 2019
  1. Users of Windows 7 and older versions should immediately apply a critical update issued by Microsoft to fix a major security flaw in its Remote Desktop Services, formerly known as Terminal Services. According to the company, the Remote Desktop Protocol itself is not susceptible, but the vulnerability is pre-authentication and requires no user interaction.

    "In other words, the vulnerability is 'wormable', meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017," Simon Pope, director of incident response at the Microsoft Security Response Center, wrote in a blog post.

    Windows 10 and 8 remain unaffected by this issue as "Microsoft invests heavily in strengthening the security of its products, often through major architectural improvements that are not possible to backport to earlier versions of Windows." Machines running Windows 7, Windows Server 2008 R2, and Windows Server 2008 are vulnerable; these versions are in support, and patches for them can be found in the Microsoft Security Update Guide.

    For out-of-support systems, including Windows Server 2003 and Windows XP, Microsoft recommends upgrading to the latest version of Windows as the best way to address this vulnerability. However, the company did provide fixes in KB4500705, which users will have to apply manually. Considering that millions of devices around the world, including many ATMs, still use XP, a fix was indeed critical; what remains now is applying it.

    The vulnerability was privately reported to Microsoft by the UK's National Cyber Security Center and is considered high-severity and requires low complexity to exploit.


  2. Nobina

    Nobina TS Evangelist Posts: 1,947   +1,492

    It is unusual for Microsoft to not capitalise on this and get people moving from older Windowses to Windows 10 by coming up with an excuse to not fix it cause it's old.
    Hasbean and Impudicus like this.

  3. IAMTHESTIG

    IAMTHESTIG TS Evangelist Posts: 1,721   +810

    Who's to say they haven't? Reports could start coming in that this patch broke something critical or is making systems slow as an old dog.

    Hopefully though it is just M$FT acting in good faith.
    Impudicus likes this.
  4. Impudicus

    Impudicus TS Addict Posts: 140   +99

    I wouldn't be surprised if this update includes a major performance hit.
  5. realestmfever

    realestmfever TS Rookie

    Maybe this is why it takes so long to create a new folder xD
  6. Dimitrios

    Dimitrios TS Guru Posts: 470   +351

    No thanks installed an update on my W7 rig a few weeks ago and now takes longer to boot.
    Impudicus likes this.
  7. kmo911

    kmo911 TS Booster Posts: 111   +10

    Good there are still many users that ever can upgrade to higher OS than Win 7 (BIOS support ended) so many Win 95-ME can't either be upgraded EVER. If they remove the block on Windows ME 150 MHz and make it install on even a 486 P5 60 we would be happy. An ISO image please.
    Impudicus likes this.
  8. candleguy

    candleguy TS Rookie

    I just disable Remote Desktop Services in Windows 7.
  9. lexster

    lexster TS Maniac Posts: 466   +233

    That's not the only service you need to disable to remove the attack vector for this vulnerability. You need to disable the Update service, "BITS" and delete the "Remote Registry" service as well.
