Security News > 2019 > May > Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003
2019-05-14 17:11
Microsoft today is taking the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003, citing the discovery of a "wormable" flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017. The vulnerability (CVE-2019-0709) resides in the "remote desktop services" component built into supported versions of Windows, including Windows 7, Windows Server 2008 R2, and Windows Server 2008. It also is present in computers powered by Windows XP and Windows 2003, operating systems for which Microsoft long ago stopped shipping security updates.
News URL
Related news
- Microsoft says premature patch could make Windows Recall forget how to work (source)
- Microsoft says having a TPM is "non-negotiable" for Windows 11 (source)
- Microsoft lifts Windows 11 24H2 block on PCs with USB scanners (source)
- Microsoft says Auto HDR causes game freezes on Windows 11 24H2 (source)
- Microsoft adds another problem to the Windows 11 24H2 naughty list (source)
- Microsoft may have scrapped Windows 11's dynamic wallpapers feature (source)
- Microsoft to force install new Outlook on Windows 10 PCs in February (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
- Microsoft ends support for Office apps on Windows 10 in October (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-12 | CVE-2019-0709 | Improper Input Validation vulnerability in Microsoft Windows 10 and Windows Server 2016 A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. | 8.4 |