The time-tested mantra of “no system is 100 percent secure” continues to echo in the minds of global users, but that doesn’t mean we’re helpless to defend our networks from the threats of the world. Even though hackers are a clever bunch, we should remain vigilant in our efforts to thwart the next compromise no matter how big or small it may be. If we all agree to be proactive in fortifying our defences, and we actually do so, then we are fulfilling our promise of delivering more secure and reliable services.
On May 14, Microsoft shared the news of a significant vulnerability in its Remote Desktop Services. This vulnerability affects operating systems back to Windows XP and Server 2003, and it is significant enough to warrant Microsoft releasing patches through its Update Catalog for these unsupported operating systems. In addition to XP and Server 2003, Windows 7 and Server 2008 are also vulnerable. Fortunately, Windows 8 and Windows 10 are safe.
According to a Microsoft blog post, “this vulnerability is pre-authentication and requires no user interaction,” making it “wormable”: malicious code could travel rapidly from one vulnerable computer to the next. It is also very likely that threat actors will write exploitation code to produce an outbreak similar to the now infamous 2017 WannaCry attack, which had its vulnerability and exploit code in the wild months before the outbreak occurred.
Microsoft issued security guidance for CVE-2019-0708, titled “Remote Desktop Services Remote Code Execution Vulnerability,” documenting the details and linking to the essential patches. Unfortunately, this is a manual update process for any out-of-support Windows XP and Server 2003 devices.
This type of development is why we need to reaffirm the importance of migrating devices to Windows 10 or Server 2019 if that migration is still only being considered. Being able to mitigate the threat before it disrupts your business is very important for any business owner.
Now is the time to get ahead of the threat and prevent a repeat of WannaCry. If we are truly delivering on the promise to provide a more secure and reliable service, then all Windows XP, Windows 7, Server 2003 and Server 2008 devices in your business should receive these important updates right now.