Another day, another vulnerability has been discovered in Windows. Users of one of the most popular home computer operating systems in the world are well aware of this song and dance by now, but it’s still annoying every time it happens. And this particular security bug is more dangerous than normal issues for a couple of reasons. For one thing, it’s affected older versions of Windows which are often riddled with other issues and running on not-well-maintained systems, like Windows 7 and XP. Secondly, it also allows an attacker to completely silently leverage remote code against vulnerable machines to silently take them over without any user knowledge or consent.
The CVE-2019-0708 exploit utilizes a specially crafted request to the target systems Remote Desktop Service via Remote Desktop Protocol to take over a target system. RDP is common exploit vector for hackers, and many users don’t disable or otherwise lockdown the services related to it at all. And since many users don’t take the time to apply updates, these kinds of issues can be really dangerous if a sophisticated worm or other type of malware found its way onto a vulnerable network.
Software with known vulnerabilities to this attack include Windows 7, Windows XP, Windows 2003 and Windows Server 2008. So if you’re running these systems on your home or professional network, it’s highly encouraged that you apply the patches Microsoft has released.
For those interested, Microsoft shared some additional details about this security vulnerability.
“This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware. “
Thankfully for those users who have moved on to better operating systems, Windows 8 and 10 releases are not affected by this issue. Anyone who is on one of the affected platforms though has an option, if they’re on supported versions, to patch this problem out of existence.
Windows XP ended its extended support life all the way back in 2014, which means normally there’s no hope of fixing this issue on those machines, as it’s just not worth Microsoft’s time to do so. In this case though, Microsoft has pushed an out-of-band patch for the issue on all affected platforms. Downloads for in-support versions of Windows (Windows 7, Windows Server 2008 R2, and Windows Server 2008) can be found in the Microsoft Security Update Guide. Users on XP and other out-of-support platforms should download the KB4500705 update to apply the fix for this exploit.