Urgent Security Fix for Windows XP, Windows 7, Server 2003 and 2008 Users

This is very important information to share! If you are still using Windows XP, Windows Server 2003, Windows 7 or Windows Server 2008 on your computers, you must immediately install the urgent security fixes released by Microsoft.

Microsoft has discovered a critical vulnerability in these operating systems which can allow an attacker to infect computer systems running these older Windows versions.

What is This Security Vulnerability?

Here is the official announcement from Microsoft about this security flaw or bug:

Microsoft found a remote code execution vulnerability (CVE-2019-0708) in Remote Desktop Services, formerly known as Terminal Services. This vulnerability allows an unauthenticated attacker to connect to the target system using RDP and send specially crafted requests. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs, view, change, or delete data or create new accounts with full user rights.

This vulnerability is “wormable”, which means that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. Malicious actors may write an exploit for this vulnerability and incorporate it into their malware.

There is partial mitigation on affected systems that have Network Level Authentication (NLA) enabled. The affected systems are mitigated against “wormable” malware or advanced malware threats that could exploit the vulnerability, as NLA requires authentication before the vulnerability can be triggered. However, affected systems are still vulnerable to Remote Code Execution (RCE) exploitation if the attacker has valid credentials that can be used to successfully authenticate.

The affected systems should be immediately patched using the official security updates.

How to Download and Install Security Fixes in Affected Systems?

Windows 7, Windows Server 2008 R2 and Windows Server 2008 are in-support systems. The security updates for these operating systems are available for standalone download from the Microsoft Security Update Guide. Also, if you have automatic updates enabled, your computers are automatically protected.

On the other hand, Windows Server 2003 and Windows XP are out-of-support systems. Still, Microsoft has released security fixes for these out-of-support versions of Windows in KB4500705.

The good news is that users running Windows 8 and Windows 10 operating systems are not affected by this vulnerability.

Affected users can download and install the required security fixes from the following links:

Download Security Fix for Windows 7 and Windows Server 2008

Download Security Fix for Windows XP and Windows Server 2003

The security fixes are available for the following Windows versions:

  • Windows 7 Service Pack 1 (32-bit and 64-bit)
  • Windows Server 2008 Service Pack 2 (32-bit, 64-bit and Itanium-based)
  • Windows Server 2008 R2 Service Pack 1 (64-bit and Itanium-based)
  • Windows XP SP3 (32-bit or x86)
  • Windows XP Professional Edition SP2 (64-bit or x64)
  • Windows XP Embedded SP3 (32-bit or x86)
  • Windows Server 2003 SP2 (32-bit or x86)
  • Windows Server 2003 SP2 (64-bit or x64)

Other Things You Should Do on Affected Systems:

Apart from installing the security updates, you should also take the following security measures on affected systems:

  • Disable Remote Desktop Services if they are not required
  • Enable Network Level Authentication (NLA) on systems running Windows 7, Windows Server 2008 and Windows Server 2008 R2
  • Block TCP port 3389 at the enterprise perimeter firewall
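
To confirm these measures on a single machine, the following PowerShell function (an added example, not part of the original article or of Microsoft's advisory) reads the standard Terminal Server registry values and reports whether RDP is enabled, whether NLA is required, and whether a given update is installed. The function name `Get-RdpMitigationStatus` is hypothetical, and the KB id is supplied by the caller because it differs per operating system.

```powershell
# Added example: local audit of the RDP mitigations listed above (works on PowerShell 2.0).
# -HotfixId is caller-supplied; the article names only KB4500705 (Windows XP / Server 2003).
function Get-RdpMitigationStatus {
    param([string]$HotfixId)

    $ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpTcp = "$ts\WinStations\RDP-Tcp"
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    # Read one registry value; returns $null when the key or the value is absent.
    function Read-Value($Path, $Name) {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($item) { $item.$Name } else { $null }
    }
    # A Group Policy value, when present, overrides the local setting.
    function Read-Effective($LocalPath, $Name) {
        $fromPolicy = Read-Value $policy $Name
        if ($null -ne $fromPolicy) { $fromPolicy } else { Read-Value $LocalPath $Name }
    }

    $deny = Read-Effective $ts 'fDenyTSConnections'       # 1 = RDP connections refused
    $nla  = Read-Effective $rdpTcp 'UserAuthentication'   # 1 = NLA required before logon
    $port = Read-Value $rdpTcp 'PortNumber'
    if ($null -eq $port) { $port = 3389 }

    $svc       = Get-Service -Name TermService -ErrorAction SilentlyContinue
    $listeners = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().GetActiveTcpListeners()
    $listening = [bool]($listeners | Where-Object { $_.Port -eq $port })

    # $null means "not checked"; $false means the given KB id was not found.
    $patched = $null
    if ($HotfixId) {
        $patched = [bool](Get-HotFix -Id $HotfixId -ErrorAction SilentlyContinue)
    }

    # A missing fDenyTSConnections value is treated as "enabled" so the report errs on the safe side.
    $rdpEnabled = ($deny -ne 1)
    New-Object PSObject -Property @{
        RdpEnabled       = $rdpEnabled
        ServiceStatus    = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }
        ListeningOnPort  = $listening
        Port             = $port
        NlaRequired      = ($nla -eq 1)
        HotfixInstalled  = $patched
        # True when the service is reachable without prior authentication (the "wormable" case).
        PreAuthReachable = ($rdpEnabled -and $listening -and ($nla -ne 1))
    }
}

Get-RdpMitigationStatus -HotfixId 'KB4500705' | Format-List
```

A `HotfixInstalled` value of `False` only means that exact KB id was not found; the fix can also arrive through a later cumulative rollup listed under a different id.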


Published in: Windows 7, Windows XP

About the author: Vishal Gupta (also known as VG) has been awarded with Microsoft MVP (Most Valuable Professional) award. He holds Masters degree in Computer Applications (MCA). He has written several tech articles for popular newspapers and magazines and has also appeared in tech shows on various TV channels.

Comments

NOTE: Older comments have been removed to reduce database overhead.

  1. Still concert to support very outdated OS, can Microsoft still release urgent security in future.

  2. Do we still need this update? I think it was replaced by later ones…..Dave
