Microsoft just released a blog post that reveals a massive vulnerability in a lot of Windows versions, including consumer and enterprise.
While vulnerabilities are commonly found and eventually patched in all types of software, this one (CVE-2019-0708) could have devastating consequences similar to WannaCry if users do not update as soon as possible.
The vulnerability is found in Remote Desktop Services, formerly known as Terminal Services, and includes Windows 7, Windows Server 2008 R2, Windows Server 20008, Windows 2003 and Windows XP. Essentially, most OSes outside of Windows 8 and XP have this vulnerability.
To try to drive home the seriousness of this security flaw and the importance of applying the patch immediately, Microsoft explained in detail what could happen:
“The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.”
As Microsoft said, WannaCry was a devastating cyberattack in 2017. The WannaCry ransomware cryptoworm used an NSA-developed exploit and spread like wildfire through outdated Windows systems, encrypting hundreds of thousands of machines and demanding a ransom in Bitcoin.
During the attack, the UK National Health Service hospitals were targeted and had to, in some cases, turn away patients and ambulances.
Even more recently, a WannaCry variant made one of Apple’s suppliers shut down its facilities after infecting 10,000 computers.
With that in mind, if you are running machines with older variants of Windows, head to Microsoft and get the patch for the CVE-2019-0708. Preferably right now.