In order to prevent a new WannaCry-like attack, the software giant has rolled out patches for not only Windows 7 and Windows Server 2008/2008 R2, but also Windows XP and Windows Server 2003, which hit the end of their life cycle years ago.
Microsoft has no evidence that the security flaw was actively abused by hackers, but decided action was needed because the risk was too great. The attack did not require user interaction and was relatively simple to exploit, merely the act of sending a few specially crafted packets to a system with the RDP service enabled was enough for infection.
“This vulnerability is pre-authentication and requires no user interaction,” Simon Pope, director of incident response at the Microsoft Security Response Center, wrote in a published post that coincided with the company’s May Update Tuesday release. “In other words, the vulnerability is ‘wormable,’ meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.”Users running these operating systems on Internet-connected machines should update immediately.
Via: ARS Technica