Microsoft fixes "Wormable" vulnerability in Windows XP, 7 and Windows 2003 – Krebs on Security




Microsoft today took the unusual step of releasing security updates for unsupported but still widely used Windows operating systems such as XP and Windows 2003, citing the discovery of a "wormable" flaw that, according to the company, could be used to fuel a fast-moving malware threat like the 2017 WannaCry ransomware attacks.

The May 2017 global WannaCry malware outbreak affected some 200,000 Windows systems in 150 countries. Source: Wikipedia.

The vulnerability (CVE-2019-0708) is in the "Remote Desktop Services" component built into supported versions of Windows, including Windows 7, Windows Server 2008 R2, and Windows Server 2008. It is also present on computers running Windows XP and Windows 2003, operating systems for which Microsoft long ago stopped shipping security updates.

Microsoft said it had not yet observed any evidence of attacks against this dangerous security flaw, but that it was trying to head off a serious and imminent threat.

"Although we have not seen any exploitation of this vulnerability, it is very likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware," wrote Simon Pope, director of incident response for the Microsoft Security Response Center.

"This vulnerability is pre-authentication and does not require any user interaction," said Pope. "In other words, the vulnerability is 'wormable', which means that any future malware exploiting this vulnerability could spread from a vulnerable computer to a vulnerable computer in the same way as the malicious WannaCry malware spread around the world in 2017. It is important that affected systems are corrected as quickly as possible to prevent such a scenario from occurring."

The WannaCry ransomware threat spread quickly across the world in May 2017, exploiting a vulnerability that was particularly prevalent among systems running Windows XP and older versions of Windows. Microsoft had already released a fix for the flaw, but many old and vulnerable operating systems were never updated. Europol estimated at the time that WannaCry had spread to some 200,000 computers in 150 countries.

CVE-2019-0708 does not affect the latest operating systems from Microsoft – Windows 10, Windows 8.1, Windows 8, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, or Windows Server 2012.

You will find more information on downloading and deploying the update for CVE-2019-0708 here.

All in all, Microsoft today released 16 updates targeting at least 79 security vulnerabilities in Windows and associated software – nearly a quarter of them earning Microsoft's most severe "critical" rating. Critical bugs are those that can be exploited by malware or criminals to break into vulnerable systems remotely without any help from users.

One of these critical updates fixes a "zero-day" vulnerability (CVE-2019-0863) in the Windows Error Reporting Service that has already been seen in targeted attacks, according to Chris Goettl, director of product management for security provider Ivanti.

Other Microsoft products receiving fixes today include Office and Office 365, SharePoint, .NET Framework and SQL Server. Once again, for the fourth time this year, Microsoft is fixing another critical flaw in the Windows component responsible for assigning Internet addresses to host computers (a.k.a. "Windows DHCP Client").

"Any unauthenticated attacker who can send packets to a DHCP server can exploit this vulnerability," said Jimmy Graham at Qualys.

Staying up to date on Windows fixes is a good thing. Updating only after backing up your important data and files is even better. A good backup means you are not pulling your hair out if the odd buggy patch causes problems booting the system. So do yourself a favor and back up your files before installing any fixes.

Note that Windows 10 likes to install patches all at once and restart your computer on its own schedule. Microsoft does not make it easy for Windows 10 users to change this setting, but it is possible. For all other users of the Windows operating system, if you prefer to be notified of new updates when they are available so that you can choose when to install them, there is a setting for that in Windows Update.

As usual, Adobe has released security patches for Flash Player and Acrobat/Reader. The Flash Player update fixes a single critical bug in the program. The Acrobat/Reader update fixes at least 84 security holes.

Microsoft Update should install the Flash patch by default, along with the rest of this month's patch bundle. Fortunately, by far the most popular Web browser – Google Chrome – automatically updates Flash, but now requires users to explicitly enable it whenever they want to use it. In the summer of 2019, Google Chrome users will have to go into their settings to turn it on whenever they want to run it.

Firefox also forces users with the Flash add-on installed to click to play Flash content; the instructions to disable or remove Flash from Firefox are here. Adobe will stop supporting Flash by the end of 2020.

As always, if you're having trouble installing any of these patches this month, feel free to leave a comment about it below; there is a good chance that other readers have experienced the same thing and may even add some useful tips.



Keywords: Chris Goettl, CVE-2019-0708, DHCP, Flash Player, Ivanti, Qualys, WannaCry, Windows 2003, Windows XP

This entry was posted on Tuesday, May 14th, 2019 at 1:11 pm and is filed under Time to Patch.