Patch Old Windows Systems or Risk Computer Worm

Share

However, Microsoft took a rare action by also issuing patches this month for unsupported Windows systems, namely Windows XP and Windows 2003.

"Customers who use an in-support version of Windows and have automatic updates enabled are automatically protected", says Microsoft.

Last but not least, customers running Windows 8 and Windows 10 are not affected by this vulnerability so you should not worry about it in case you are using either of these two operating systems. The Remote Desktop Protocol (RDP) itself is not vulnerable.

"This vulnerability is pre-authentication and requires no user interaction", the MSRC blog post says. At the time of writing Microsoft has not observed any exploitation of this vulnerability but thinks it is "highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware", in the future.

Of all those vulnerabilities, 18 are rated as 'critical' in severity; these are flaws that can be exploited by malicious programmes to steal sensitive data from vulnerable systems by attacking them remotely.

Microsoft mentions that some older Windows OSes will have partial mitigation against the vulnerability if they have Network Level Authentication (NLA) enabled, as NLA requires authentication before the vulnerability can be triggered.

Kim Kardashian hints baby name is Teddy in cryptic tweet
It could just be that the A-lister is trying to tell us something, and fans picked up on it. "Teddy west? Theodore west?". She added: "He's also Chicago's twin, I'm sure he will change a lot but now he looks just like her".

UK Brexit talks stagger on but parties remain far apart
That intervention spooked Labour's shadow chancellor John McDonnell , a key player in the talks. It would be followed by negotiations on a new trade deal with the EU.

PGA Championship Odds 5/13/19, Tiger Woods favored entering the week
There are still four days for those numbers to change, but it's unlikely they change enough to alter the overall trend. He will be the first golfer to use a cart at a major tournament since Casey Martin used one at the 2012 U.S.

There are no public exploits for it yet and no indication that it's already being actively exploited.

Among the patches is a fix for a zero-day vulnerability in the Windows Error Reporting Service.

For more on this, read our companion article dealing with the potential consequences, affected systems and mitigations for this remote, "wormable" Windows vulnerability. Detailed in CVE-2019-0932, the flaw allows an attacker to listen to a conversation on Skype without users even knowing about it.

Microsoft also resolves a publicly disclosed vulnerability in Skype for Android.

The researchers from the universities in Australia, the United States, Belgium, Austria and CSIRO's Data 61 unit noted that newer Coffee Lake Refresh i9 processors are ironically enough more vulnerable to Fallout compared to older parts, due to Intel's countermeasures against the earlier Meltdown speculative execution information leak flaw. "In non-browsing scenarios on standalone systems, an attacker would need prior access to the system or an ability to run a specially crafted application on the target system to leverage these vulnerabilities", the company explained. This may include microcode from device OEMs. "We have also acted to secure our cloud services".

Share