Microsoft is warning PC owners using older Windows versions to urgently run Windows Update on their systems in order to protect their data against a potential widespread attack. The Windows exploit (CVE-2019-0708) affects machines running Windows 7, Windows Server 2008 R2, and older versions. The company has already released security patches for all affected Windows versions, including Windows XP and Windows Server 2003, even though both Windows versions are already out of support.
According to Microsoft, there is a vulnerability in the Remote Code Execution function of the Remote Desktop Services. The Remote Desktop Protocol itself hasn't been impacted.
"This vulnerability is pre-authentication and requires no user interaction," the company wrote in a blog post on Tuesday. “Any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.”
Microsoft says it has not yet observed any exploitation of the vulnerability. However, the security patches have been released to ensure that no malicious party could create a malware and attack the systems running on Windows operating system.
"It is for these reasons that we strongly advise that all affected systems - irrespective of whether Network Level Authentication (NLA) is enabled or not - should be updated as soon as possible," the post added.
Microsoft says the downloads for in-support versions of Windows can be found in the Microsoft Security Update Guide. If you have automatic updates enabled on your Windows machine, you are automatically protected.
Written with inputs from IANS