Microsoft patches major vulnerability in Windows 7 and XP to prevent another WannaCry-like...

Humza

Posts: 760   +161
Staff member

Users of Windows 7 and older versions should immediately apply a critical update issued by Microsoft to fix a major security flaw in its Remote Desktop Services, formerly known as Terminal Services. According to the company, the Remote Desktop Protocol itself is not susceptible, but the vulnerability is pre-authentication and requires no user interaction.

"In other words, the vulnerability is 'wormable', meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017," Simon Pope, director of incident response at the Microsoft Security Response Center, wrote in a blog post.

Windows 10 and 8 remain unaffected by this issue as "Microsoft invests heavily in strengthening the security of its products, often through major architectural improvements that are not possible to backport to earlier versions of Windows." While machines running Windows 7, Windows Server 2008 R2, and Windows Server 2008 are vulnerable, they are in-support systems, and patches for these versions can be found in the Microsoft Security Update Guide.

For out-of-support systems including Windows Server 2003 and Windows XP, Microsoft recommends upgrading to the latest version of Windows as the best way to address this vulnerability. However, the company did provide fixes in KB4500705, which users will have to apply manually. Considering that millions of devices around the world, including many ATMs, still use XP, a fix was indeed critical, and what remains now is applying it.

The vulnerability was privately reported to Microsoft by the UK's National Cyber Security Centre and is considered high-severity and requires low complexity to exploit.


 

Nobina

Posts: 2,727   +2,373
It is unusual for Microsoft to not capitalise on this and get people moving from older Windowses to Windows 10 by coming up with an excuse to not fix it cause it's old.
 

IAMTHESTIG

Posts: 1,868   +900
> It is unusual for Microsoft to not capitalise on this and get people moving from older Windowses to Windows 10 by coming up with an excuse to not fix it cause it's old.
Who's to say they haven't? Reports could start coming in that this patch broke something critical or is making systems slow as an old dog.

Hopefully though it is just M$FT acting in good faith.
 

Impudicus

Posts: 228   +199
> It is unusual for Microsoft to not capitalise on this and get people moving from older Windowses to Windows 10 by coming up with an excuse to not fix it cause it's old.
I wouldn't be surprised if this update includes a major performance hit.
 

kmo911

Posts: 254   +31
Good, there are still many users that ever can upgrade to a higher OS than Win 7 (BIOS support ended), so many Win 95-ME can't either be upgraded EVER. If they remove the block on Windows ME 150 MHz and make it install on even a 486 P5 60 we would be happy. An ISO image please.
 