Topic: Microsoft Vulnerability - explanation and resolution for Windows 7 and XP users

Offline TonyD

  • Forum Deity
  • *****
  • Posts: 540
You should of course be wary of any links I provide, but they're included as part of the MS TechNet messages I receive, so I'm including here anyway.

It's just as sufficient to ensure your Windows Updates are er...up to date; the patches are being delivered as part of the general update procedure too.

In Windows 7, click on Start, then right click on Computer, left click on Properties, and down in the left corner find and click on Windows Update.

Microsoft Critical Security Update

In efforts to prevent another WannaCry (2017) style malware outbreak, Microsoft has released some software patches for older Windows systems, including some that are long past their support dates.

The released patches that are available target a critical Remote Code Execution vulnerability in Remote Desktop Services (formerly known as Terminal Services), to prevent worm transmission. Such transmission would be pre-authorised and require no user interaction on an unpatched system.
At the time of writing Microsoft has not observed any exploitation of this vulnerability but thinks it is "highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware," in the future.
Microsoft notes that vulnerable in-support systems include Windows 7, Windows Server 2008 R2, and Windows Server 2008 systems. For such systems you can download updates via the Microsoft Security Update Guide or they will be delivered via automatic updates, if enabled.

Windows XP and Windows 2003 systems are out of support, and being so aged Microsoft strongly recommends users update to a newer OS.
However, it has made fixes available for these systems as patch KB4500705.

Lastly, customers running Windows 8 or Windows 10 are not affected by the critical Remote Code Execution vulnerability outlined in the intro.

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 22277

Looks like the one Tony warned us about a couple of weeks back, now it has a name.

Offline TonyKath

  • Global Moderator
  • Forum Deity
  • *****
  • Posts: 1965
Thanks, Maik.  TonyD's warning was timely and easy to apply but a big file download.