Microsoft Revisits Windows XP and Windows 2003 Due to “Wormable” Vulnerability

Microsoft is taking “the unusual step” of releasing security fixes for both current and out-of-support versions of Windows due to a “wormable” vulnerability that could lead to WannaCry-like malware attacks. CVE-2019-0708, otherwise known as the Remote Desktop Services Remote Code Execution Vulnerability, is so bad that even Windows 2003 and XP are getting patched.

The flaw exists in Remote Desktop Services. It allows attackers to exploit RDP, letting them “install programs; view, change, or delete data; or create new accounts with full user rights.” Because it is pre-authentication and requires no user interaction, it is described as “wormable.”

Windows 8 and 10 users are not affected by this vulnerability, but fixes for Windows 7, Server 2008 R2, Server 2008, 2003, and XP are available immediately.

…any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.

Tsing Mui
Tsing has been writing the news for over 5 years, first at [H]ard|OCP and now at The FPS Review. He has a background in journalism and makes sure to give his readers the relevant context to why each news post matters.
