Technology
Patch old Windows systems or risk computer worm
Image: Drew Angerer/Getty Images
Follow @https://twitter.com/PCMag
PCMag.com is a leading authority on technology, delivering Labs-based, independent reviews of the latest products and services. Our expert industry analysis and practical solutions help you make better buying decisions and get more from technology.
Microsoft is trying to prevent the outbreak of a computer worm by urging those running older Windows systems to patch their machines.
Redmond has discovered a serious flaw in Windows 7, Windows XP, and Windows Server 2003 and 2008 systems, which can be exploited to create malware capable of automatically spreading from one vulnerable machine to another.
“While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware,” Microsoft said.
The vulnerability deals with the Remote Desktop Services function in Windows, which can allow a user to take control of the machine over a network. Enterprises often choose to activate the feature on PCs and servers as a way to control them remotely.
Normally, the access requires a correct username and password. However, Microsoft discovered that an “unauthenticated attacker” can install malware on a Windows machine through the Remote Desktop Services function by sending specially crafted data packets.
“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Microsoft said in its vulnerability advisory.
The bug also requires no interaction from the owner of the affected Windows machine. So theoretically, an attacker could scan the internet to find additional machines to target. An estimated 3 million Remote Desktop Protocol endpoints are currently exposed to the internet, according to security researcher Kevin Beaumont, who cites data from device search engine Shodan.
Fortunately, Windows 10 and Windows 8 are immune from the threat. The attack also won’t work on machines with Remote Desktop Services disabled, according to Microsoft. So the problem is probably less of a threat to consumers than to corporations, which tend to manage large fleets of older Windows machines.
However, the newly discovered vulnerability is so serious that Microsoft is warning it could pave the way for another attack similar to WannaCry, which took over hundreds of thousands of Windows PCs across the world in 2017. As a result, the company has issued patches for Windows Server 2003 and XP, which it no longer supports.
Microsoft is also applying the patches to Windows 7 and Windows Server 2008 systems that have automatic updates switched on.
Editor’s Note: This story has been updated with comment from Microsoft about how disabling the Remote Desktop Protocol will prevent the threat.
This article originally published at PCMag
here
Why women behaving badly are dominating our screens
‘Spellbound’ review: Netflix’s animated adventure finds its magic right at the end
2024 Black Friday ads: Greatest deals from Target, Greatest Buy, Walmart, Kohls, and more
Greatest Amazon Black Friday deals: Early savings on Fire TVs, robot vacuums, and MacBooks
A24 is selling chocolate now. But what would their films actually taste like?
New teen video-viewing guidelines: What you should know
‘Wicked’ review: Ariana Grande and Cynthia Erivo aspire to movie musical magic
How to watch ‘Smile 2’ at home: When is it streaming?
Black Friday 2024: The greatest early deals in Australia – live now
‘Dune: Prophecy’ review: The Bene Gesserit shine in this sci-fi showstopper
‘Here’ review: Robert Zemeckis, Tom Hanks, and Robin Wright reunite
The 34 greatest Australian horror films (and where to watch them)
Menendez brothers case reignites online: The questions that keep resurfacing
How to watch the 2024-2025 NBA season without cable: The greatest streaming deals
Election 2024: The truth about voting machine security
Halloween 2024: Weekend debates, obscure memes, and a legacy of racism
‘Only Murders in the Building’ Season 4 ending explained: Who killed Sazz and why?
‘Dragon Age: The Veilguard’ review: BioWare made a good game again
‘Wallace and Gromit: Vengeance Most Fowl’ review: A delightful romp with an anti-AI streak
Review: I tested the new GoPro Hero 13 Black by land and sea
Why women behaving badly are dominating our screens
‘Spellbound’ review: Netflix’s animated adventure finds its magic right at the end
2024 Black Friday ads: Greatest deals from Target, Greatest Buy, Walmart, Kohls, and more
Greatest Amazon Black Friday deals: Early savings on Fire TVs, robot vacuums, and MacBooks
A24 is selling chocolate now. But what would their films actually taste like?
New teen video-viewing guidelines: What you should know
‘Wicked’ review: Ariana Grande and Cynthia Erivo aspire to movie musical magic
How to watch ‘Smile 2’ at home: When is it streaming?
Black Friday 2024: The greatest early deals in Australia – live now
‘Dune: Prophecy’ review: The Bene Gesserit shine in this sci-fi showstopper
-
Entertainment7 days agoEarth’s mini moon could be a chunk of the big moon, scientists say
-
Entertainment7 days agoThe space station is leaking. Why it hasn’t imperiled the mission.
-
Entertainment6 days ago‘Dune: Prophecy’ review: The Bene Gesserit shine in this sci-fi showstopper
-
Entertainment5 days agoBlack Friday 2024: The greatest early deals in Australia – live now
-
Entertainment4 days agoHow to watch ‘Smile 2’ at home: When is it streaming?
-
Entertainment3 days ago‘Wicked’ review: Ariana Grande and Cynthia Erivo aspire to movie musical magic
-
Entertainment2 days agoA24 is selling chocolate now. But what would their films actually taste like?
-
Entertainment3 days agoNew teen video-viewing guidelines: What you should know
