Microsoft today released a critical update to fix a major security vulnerability in older versions of Windows. The flaw is related to Windows Remote Desktop Services, formerly known as Terminal Services, and affects Windows 7 and older versions of the operating system, such as Windows Server 2008 and Windows XP.
Microsoft says the Remote Desktop Protocol itself is not vulnerable; rather, the vulnerability is pre-authentication and requires no user interaction. "In other words, the vulnerability is 'wormable', meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017," Microsoft said in a blog post.
Users of Windows 7, Windows Server 2008 R2, and Windows Server 2008, all of which are still supported versions of Windows, should use Windows Update to apply the necessary security patch. Older Windows versions like Windows 2003 and XP—which Microsoft ended support for earlier this year—won't get the fix through Windows Update, but can and should apply it manually.