The AchieVer Posted May 15, 2019 Share Posted May 15, 2019 Windows 7 and XP are vulnerable to a major security exploit – so patch now As well as other Microsoft operating systems Image credit: Microsoft Microsoft has put out a warning to those still using its Windows XP, Windows 7 or other early operating systems (OS), urging them to update their PCs with the latest security patch in order to prevent against a serious threat. The computing giant has discovered a vulnerability in these earlier versions of its OS that's similar in nature to the devastating WannaCry ransomware that swept the globe in May, 2017 and continues to affect thousands of users. The vulnerability is ‘wormable’, according to Microsoft, which means that no user interaction is required for their system to be exploited, and affected systems are capable of propagating the virus to other at-risk computers and networks around the world. How to patch Microsoft has claimed that it has, as yet, “observed no exploitation of this vulnerability, [but] it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware”. As such, the software heavyweight is urging that “affected systems are patched as quickly as possible to prevent such a scenario from happening”. There are download links to the appropriate updates found at the foot of this page for those still using any of the following operating systems: Windows 7, Windows 2008 R2, Windows 2008, Windows 2003 orWindows XP. Users running Windows 8 and Windows 10 aren’t at risk of this particular exploit, although it’s always wise to keep up to date with the latest security patches regardless. Source Link to comment Share on other sites More sharing options...
mp68terr Posted May 15, 2019 Share Posted May 15, 2019 Direct link to the patches page without going through the tracker: https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/ Link to comment Share on other sites More sharing options...
The AchieVer Posted May 15, 2019 Author Share Posted May 15, 2019 Microsoft Releases Monthly Updates KB4499164, KB4499151 for Windows 7 and 8.1 The May 2019 Patch Tuesday cycle brought new monthly rollups for Windows 7 and 8.1 devices, along with security-only updates that do not include any non-security fixes. The Windows 7 monthly rollup is KB4499164, while the security-only update is KB4499175. As per the official changelog, the Windows 7 update comes with a series of improvements, including patches for the Microarchitectural Data Sampling (MDS) flaw that was recently discovered. You can read more about this flaw in this article. Additionally, the patch also resolves issues hitting Microsoft Excel when using certain fonts, as well as a bug preventing Visual Studio Simulator from starting. Windows 7 monthly rollup comes with just a single issue that was there in the April release as well. Microsoft says that installing this update could break down McAfee security products, and the company claims it’s still investigating the bug with the security vendor.Windows 8.1 monthly rollupThe Windows 8.1 monthly rollup is KB4499151, and it comes alongside security-only update KB4499165. The same security patch for the MDS security vulnerability is included here, along with fixes for Error 1309 when installing MSI and MSP files on a virtual drive. Microsoft says it has also added uk.gov into the HTTP Strict Transport Security Top Level Domains (HSTS TLD) for its two current browsers, namely Internet Explorer and Microsoft Edge. This time, there are three different issues in this monthly rollup, but they have previously been acknowledged as part of the April rollout. There are no reports of failed installs so far, and everything seems to be working correctly on Windows 7 and 8.1. Windows 7 users should also keep in mind that this operating system is in its last year of support, as Microsoft will stop rolling out updates in January 2020. Source Link to comment Share on other sites More sharing options...
Karlston Posted May 16, 2019 Share Posted May 16, 2019 Good news: The “wormable” security hole in XP, 7, and related Servers, isn’t being exploited yet If you’re running Windows XP (including Embedded) Windows Server 2003, Server 2003 Datacenter Edition Windows 7 Windows Server 2008, Server 2008 R2 You still have time to install the May patches. Source: Good news: The “wormable” security hole in XP, 7, and related Servers, isn’t being exploited yet (AskWoody - Woody Leonhard) Link to comment Share on other sites More sharing options...
Karlston Posted May 20, 2019 Share Posted May 20, 2019 There’s now a freely available proof of concept exploit for the “wormable” WinXP/Win7 bug But it isn’t yet capable of inflicting damage Source: There’s now a freely available proof of concept exploit for the “wormable” WinXP/Win7 bug (AskWoody - Woody Leonhard) Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.