Microsoft Patches Wormable Vuln in Windows 7, 2003, XP, Server 2008

Microsoft releases security updates for some out-of-support systems to fix a bug that could be weaponized as a worm if exploited.

Microsoft today took the unusual step of issuing security fixes for out-of-support systems to patch a vulnerability it fears could be wormable if exploited. CVE-2019-0708 affects the in-support systems Windows 7, Server 2008, and 2008 R2, as well as the out-of-support Windows 2003 and XP.


This is a critical remote code execution flaw in Remote Desktop Services, formerly known as Terminal Services, which affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. CVE-2019-0708 is pre-authentication and requires no user interaction, meaning any future malware that exploits it could propagate from vulnerable machine to vulnerable machine.


Authenticated attackers could exploit this vulnerability by connecting to a target system via RDP and sending specially crafted ..