Microsoft releases worm fix for older versions of Windows

Doris Richards
May 15, 2019

The latter, CVE-2019-0725, is a particularly nasty memory corruption vulnerability, since all that is needed to exploit it is a well-crafted packet sent to a DHCP server, and it affects all currently supported versions of Windows, client and server.

Specifically, this vulnerability is "wormable", meaning it is able to propagate from one vulnerable PC to another without user interaction.

Microsoft detailed the potential impact of CVE-2019-0708 in a separate blog post on Tuesday.

Microsoft says it has not yet observed any exploitation of the vulnerability.

"CVE-2019-0708 should be the highest priority patching because, in addition to the wormable capabilities in this exploit, many modern ransomware variants, such as Dharma, Robbinhood, and CrySIS, often use vulnerable RDP servers to gain access to victim networks", argued Recorded Future senior solutions architect, Allan Liska.

The new patch offered by Microsoft fixes the way Remote Desktop Services handles connection requests.

Customers running Windows 8 and Windows 10 are not affected by this vulnerability. "It is for these reasons that we strongly advise that all affected systems - irrespective of whether NLA is enabled or not - should be updated as soon as possible".

Customers who use an in-support version of Windows such as Windows 7 and Windows Server 2008 will receive the update if they have automatic updates enabled, while Windows XP users can download fixes from Microsoft's Update Catalogue or upgrade their version of Windows.

The latter is only a partial mitigation.

The remaining 18 critical flaws are for scripting engines and browsers, and while all should be patched there's no evidence as yet that any are being exploited in the wild.

CVE-2019-0932 is a vulnerability in Skype for Android that could allow attackers to listen in on a user's Skype conversations.

Microsoft has also released a guidance document on how to mitigate a new subclass of speculative execution side channel vulnerabilities known as Microarchitectural Data Sampling (aka ZombieLoad).

The attack affects both desktop and server-based systems, although exploiting it isn't trivial. Normally, you need to provide a username and password to access a machine over Remote Desktop Services.

"This update includes updates that come as part of the normal monthly release cycle", a Microsoft support note explains. "We have also acted to secure our cloud services".
