A number of important security updates from Microsoft and Adobe dropped this week.
On Patch Tuesday, Microsoft released an update to address a major vulnerability – a “wormable” flaw in Remote Desktop Services (formerly known as Terminal Services) for Windows XP, Windows 7 and server products from Windows Server 2003 through Windows Server 2008 R2.
“While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware,” wrote Simon Pope, director of incident response for the Microsoft Security Response Center.
“This vulnerability is pre-authentication and requires no user interaction,” Pope said. “In other words, the vulnerability is ‘wormable,’ meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. It is important that affected systems are patched as quickly as possible to prevent such a scenario from happening.”
More details are available at Microsoft’s MSRC page for this vulnerability, located here: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708