Severe Windows XP/7/2003/2008 Vulnerability

Security Updates Available

 

Microsoft announced a severe vulnerability with some older versions of Windows last month. If you are still using Windows XP, 7, Server 2003, or Server 2008, make sure you take the time to follow Microsoft’s instructions to patch your systems. All links are provided below which you will need to manually download and install as versions like Windows XP have long been out of Microsoft’s extended support. Windows 7 is still under extended support, however, after you process your Windows Update, take the time to verify that the proper security update is installed.

The vulnerability, CVE-2019-0708, could allow malware to proprogate and spread with the potential deadliness of 2017’s WannaCry Ransomeware – which as we know, infected a quarter of a billion computers in 150 countries costing billions of dollars in financial loss.

In 2017, like today, Microsoft had also released a security patch earlier in the year that could have prevented WannaCry from being so destructive, but people didn’t patch. So when WannaCry was released, it had free reign over many many computers. This currently vulnerability allows Remote Code Execution in Remote Desktop Services for the Windows versions listed. Windows 8 and 10 users are not vulnerable.

Let’s not let history repeat itself!

Ransomeware is deadly. This type of malware can encrypt your documents, folders, connected storage, among a number of other things, with a promise to send you decryption codes when you pay the ransom. You can find all sorts of statistics on how many billions of dollars this is costing businesses and consumers each year, however, keep in mind that not all of these criminals will keep their promise. So even if you have cash to pay the ransom, you may still lose all of your important data.

Other than this patch, we recommend all users to take the usual precautions – make sure you have backups and methods in place for disaster recovery. Also, put your Internet accessible devices behind a firewall. If your device must have remote access, then make sure to stay up to date with security updates and patches, verify that your passwords meet or exceed strong requirements, and possibly change your access port from the default to something more obscure. If you feel that you are at risk, or have been compromised, call your IT staff. If you don’t have IT support, call us!

Here is Microsoft’s article on the vulnerability:
https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/

Windows XP and Server 2003 patches:
https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708

Windows 7 and Server 2008 patches:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

If you have questions please feel free to reach out.