Microsoft reiterates advice: update Windows 7 and XP and prevent ‘new WannaCry’

Microsoft urges Windows 7 and XP users to update their systems. A vulnerability that could create a new situation such as WannaCry has been patched, but an estimated one million systems are still susceptible to the worm.

It concerns cve-2019-0708, for which Microsoft released a patch last month. Microsoft says in the report that it is convinced that an exploit for the vulnerability exists, but it has not yet been identified. Nevertheless, Microsoft is now repeating its advice to update the systems because the EternalBlue vulnerability, which WannaCry took advantage of, also struck even though a patch was made available 60 days ago. The estimate that there are still a million vulnerable devices comes from Errata Security.

Specifically, it concerns Windows XP and Windows 7, and Windows Server 2003, 2008, and 2008 R2. The more modern Windows 8 and Windows 10 remain unaffected. Windows XP has been out of security updates since 2014, but due to the severity of the vulnerability, Microsoft is now making an exception. Windows XP is still used in many companies and governments because it is expensive or too complicated to upgrade to a newer Windows version. XP users will have to manually download the update. With Windows 7 this is automatic.

The discovered vulnerability is in the Remote Desktop Services. Users with the service turned on and open to the web are vulnerable. From an infected computer, the worm can locally infect other vulnerable computers, including those not open to the web as far as Remote Desktop is concerned.