Microsoft is taking “the unusual step” of releasing security fixes for both current and out-of-support versions of Windows due to a “wormable” vulnerability that could lead to WannaCry-like malware attacks. CVE-2019-0708, otherwise known as the Remote Desktop Services Remote Code Execution Vulnerability, is so bad that even Windows 2003 and XP are getting patched.
This is a flaw that exists in Remote Desktop Services. It allows attackers to exploit RDP, letting them “install programs; view, change, or delete data; or create new accounts with full user rights.” The fact it’s pre-authentication and requires no user interaction is why it’s described as “wormable.”
Windows 8 and 10 users are not affected by this vulnerability, but fixes for Windows 7, Server 2008 R2, Server 2008, 2003, and XP are available immediately.