Microsoft issues a rare Windows XP patch to combat a virulent WannaCry-like exploit in older OS versions

Windows 7 and various Windows Server operating systems also require a critical security update to combat this Remote Desktop Services exploit.

Brad Chacos May 15th 2019

Windows XP may be dead, but Microsoft refuses to leave it to the worms.

Today, the company warned users to apply a critical patch for a remote code execution vulnerability that could open older versions of Windows to attack. Common-sense caution isn’t enough, because the exploit can trigger even with no action taken by the user. “In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017,” Microsoft’s Simon Pope warns.

As with the nasty WannaCry, a widespread attack that locked computers and held them ransom, Microsoft is taking the rare step of issuing security patches for Windows XP and Windows Server 2003—two “dead” out-of-support operating systems—to subdue the latest worm’s impact. Windows 7, Windows Server 2008, and Windows Server 2008 R2 also received critical updates to protect against this new security vulnerability, which targets the OS’s Remote Desktop Services.  

“While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware,” Pope says. “…It is important that affected systems are patched as quickly as possible to prevent [a WannaCry-like] scenario from happening.”

You can find download links for the security updates for all affected Windows operating systems here.

What you won’t find: download links for Windows 8 and Windows 10 patches. “It is no coincidence that later versions of Windows are unaffected,” Pope says. “Microsoft invests heavily in strengthening the security of its products, often through major architectural improvements that are not possible to backport to earlier versions of Windows.”

Windows 10 indeed provides stronger protection than past versions of Windows, especially if you’ve splurged on a Windows 10 Pro license. But the default security often isn’t enough in today’s hyper-connected world. Check out PCWorld’s guide to the best Windows antivirus software to see our picks for the most effective solutions. A solid AV program can’t block gaping security holes like this one, but it can detect and block the more commonplace malware you might encounter during day-to-day life.