A critical vulnerability forces Microsoft to patch versions of Windows Server and desktops that are long out of support.

Microsoft took the rare step of issuing security fixes for both the server and desktop versions of Windows that are long out of support, so you know this is serious. The vulnerability (CVE-2019-0708) is in the Remote Desktop Services component built into all versions of Windows. RDP, formerly known as Terminal Services, itself is not vulnerable. CVE-2019-0708 is pre-authentication and requires no user interaction, meaning any future malware could self-propagate from one vulnerable machine to another.

CVE-2019-0708 affects Windows XP, Windows 7, Windows Server 2003, Windows Server 2008 R2, and Windows Server 2008. It does not impact Microsoft’s newest operating systems; Windows 8 through 10 and Windows Server 2012 through 2019 are not affected.

In the posting to the Microsoft Security Response Center blog, Simon Pope, director of incident response for MSRC, wrote, “This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable,’ meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. It is important that affected systems are patched as quickly as possible to prevent such a scenario from happening.”

He added, “While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.”

The WannaCry ransomware spread quickly in May 2017, using a vulnerability that was particularly prevalent among older versions of Windows. Microsoft issued fixes for it, but many machines in Europe and other parts of the world didn’t update, possibly because they were using pirated versions of Windows.

All told, it was a busy Patch Tuesday, with 16 updates targeting at least 79 security holes in Windows and related software, and nearly a quarter of them rated critical, the most severe rating.

How many Windows Server 2003 and 2008 installations are out there is anyone’s guess, since even IDC isn’t sure. The majority of old servers run on ancient hardware doing menial tasks, such as running reports or file and print, and the companies just haven’t bothered to retire them. But since it’s not good to be the source of a worm infestation, it’s worth checking your servers to see what you have.

And in my experience, there are likely a lot more Windows Server 2003 and 2008 systems out there than most people realize. I am never surprised at IT’s ability to lose track of assets.