Microsoft announced they have found a flaw in their operating systems that is “wormable”. Malware such as the “Wanna Cry” attack spread from system to system based on this type of vulnerability. When the “Wanna Cry” attack hit, Microsoft had released patches to correct the flaw, but the damage was done mostly because patches were not installed.
Microsoft is issuing patches for the following:
- Windows 7
- Windows Server 2008 and 2008R2
- Windows XP and Windows Server 2003, both of which are out of date.
Microsoft is very serious about the vulnerability and the patch. So much so they are issuing patches for Windows XP and Windows Server 2003. Both of those operating systems have been out of date for 5 years, and Microsoft has only issues 4 patches in that time for those older systems which demonstrates the importance of the new patch to prevent the flaw in the RDP. Should a cybercriminal gain access through the RDP, they have access to the entire computer and most likely access to the entire network.
The Microsoft patch code is CVE-2019-0708 in Remote Desktop Services. It is encouraged that companies immediately patch their computers and servers before cybercriminals can exploit the flaw.
Microsoft reports the best way for protect older out-of-support systems is to upgrade to the latest version of Windows. Windows 8 and Windows 10 are not affected by this vulnerability.
Windows 7 and Windows Server 2008 and 2008R2 support (including security patches) will end in January 2020.
To help businesses in the Inland Empire with the upcoming end-of-support from Microsoft with Windows 7 and Windows Server 2008, Tech Guardian is offering a FREE Microsoft Security Risk Assessment and Server Migration Plan for businesses with 15 or more computers and a server. To schedule your FREE Risk Assessment and Server Migration plan, please call us at 951-319-4080 or go to www.jr-tech.com/eol.