Microsoft took the unusual step of releasing a critical security update for unsupported operating systems, including Windows XP and Server 2003.
This indicates that the software flaw is so serious that it could have global repercussions if exploited. It is being compared to the WannaCry malware epidemic of 2017 because of its potential cybersecurity impact.
Attacks can happen with no one logged into the PC or server. All PCs and servers with Windows XP, Windows 7, Windows Server 2003, and Windows Server 2008 must be updated.
Unsupported Windows XP and 2003 require manual update installation.
All PCs and servers running...
Any of these systems accessible on the Internet with Remote Desktop Protocol (RDP) are particularly at risk. RDP is enabled by default on all systems.
Remote Desktop Server/Terminal Servers that are accessible from home are at the highest risk and will likely be the first systems to be attacked.
Note that Windows 10 is not affected by this security vulnerability. Upgrading PCs or servers to the latest operating system will improve security dramatically and is the preferred method to reduce this and other risks long term.
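To triage a single machine against the criteria above, the following read-only PowerShell check reports whether the OS is one of those listed and whether RDP is enabled and listening. It is an added example, not part of the original advisory. It assumes affected systems can be recognised by OS name, and it does not verify that the security update is installed.

```powershell
# Added example: local, read-only triage for the advisory above.
# Uses Get-WmiObject so it also runs on PowerShell 2.0 (older Windows releases).
# Assumption: affected systems are recognised by the OS names the advisory lists.
$affectedPattern = 'Windows XP|Windows 7|Server.{0,4}2003|Server.{0,4}2008'

$os = Get-WmiObject -Class Win32_OperatingSystem
$isAffectedOs = $os.Caption -match $affectedPattern

# fDenyTSConnections = 0 means Remote Desktop connections are allowed.
$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections `
         -ErrorAction SilentlyContinue).fDenyTSConnections
$rdpEnabled = ($deny -eq 0)

# The RDP listener port is configurable; fall back to the default 3389.
$port = (Get-ItemProperty -Path "$tsKey\WinStations\RDP-Tcp" -Name PortNumber `
         -ErrorAction SilentlyContinue).PortNumber
if (-not $port) { $port = 3389 }

# Confirm that something is actually listening on that TCP port.
$listening = [bool](netstat -an |
    Select-String -Pattern (":$port\s+\S+\s+LISTENING"))

# Rank the host: an affected OS with a live RDP listener comes first.
if ($isAffectedOs -and $rdpEnabled -and $listening) {
    $priority = 'HIGH: affected OS with RDP listening; update first and review Internet exposure'
} elseif ($isAffectedOs) {
    $priority = 'MEDIUM: affected OS; install the security update'
} else {
    $priority = 'LOW: OS is not in the advisory list'
}

New-Object PSObject -Property @{
    Computer     = $env:COMPUTERNAME
    OS           = $os.Caption
    AffectedOS   = $isAffectedOs
    RdpEnabled   = $rdpEnabled
    RdpPort      = $port
    RdpListening = $listening
    Priority     = $priority
} | Format-List
```

A HIGH result only describes the local configuration; whether the port is reachable from the Internet still has to be confirmed at the firewall or router.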
This flaw has been successfully exploited by security researchers and is expected to allow them to remotely take over a PC or server with no username or password.
This type of attack is called a worm because, once it infects a single device, it can quickly spread to all PCs and servers on the network. In 2017, WannaCry behaved this way and infected 200,000 PCs around the world in two days.
This flaw could have even more wide-reaching impacts. The exploits have not yet been released publicly, but attacks are widely expected to happen soon.
If you have questions about your specific security posture, please reach out to your Integrity Strategic Business Advisor for guidance.
Further technical details on this security vulnerability can also be found at the links below: