Microsoft has released a patch to protect against attacks like WannaCry
As part of the May service pack, the company also released a patch for the 0Day vulnerability in Windows.
Microsoft has released an update for outdated versions of Windows (Windows XP, Windows 7, Windows Server 2003, Windows Server 2008 R2, and Windows Server 2008), eliminating a vulnerability that provides the ability to carry out attacks like the WannaCry epidemic, in 2017 that hit hundreds of thousands of computers around the world.
The bug (CVE-2019-0708) affects Remote Desktop Services (Remote Desktop Services), previously known as Terminal Services. The company stressed that the actual Remote Desktop Protocol (RDP) is not vulnerable.
“This vulnerability does not require authorization or any user interaction. In other words, it is “worm-like”, that is, it allows malware to spread from computer to computer just as the WannaCry malware spread throughout the world in 2017, ”explained Simon Pope, Microsoft cyber threat response center. He also added that while the company has not recorded cases of exploitation of vulnerabilities, but this is just a matter of time.
The patch is presented as part of the May service pack, eliminating a total of 79 vulnerabilities in various products of the company. The package includes a patch for the privilege escalation vulnerability (CVE-2019-0863) in the Windows Error Reporting Service (WER), which criminals are already actively using, and updates that prevent the exploitation of a new class of vulnerabilities in Intel processors. A full list of fixed issues is available here.