Microsoft issues a rare Windows XP patch to combat a virulent WannaCry-like exploit in older OS versions

Windows 7 and various Windows Server operating systems also require a critical security update to combat this Remote Desktop Services exploit.

(PC World (US online)) on

Windows XP may be dead, but Microsoft refuses to leave it to the worms.

Today, the company warned users to apply a critical patch for a remote code execution vulnerability that could open older versions of Windows to attack. Common-sense caution isn’t enough, because the exploit can trigger even with no action taken by the user. “In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017,” Microsoft’s Simon Pope warns.

As with the nasty WannaCry, a widespread attack that locked computers and held them ransom, Microsoft is taking the rare step of issuing security patches for Windows XP and Windows Server 2003—two “dead” out-of-support operating systems—to subdue the latest worm’s impact. Windows 7, Windows Server 2008, and Windows Server 2008 R2 also received critical updates to protect against this new security vulnerability, which targets the OS’s Remote Desktop Services.  

“While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware,” Pope says “…It is important that affected systems are patched as quickly as possible to prevent [a WannaCry-like] scenario from happening.”

You can find download links for the security updates for all affected Windows operating systems here.

What you won’t find: download links for Windows 8 and Windows 10 patches. “It is no coincidence that later versions of Windows are unaffected,” Pope says. “Microsoft invests heavily in strengthening the security of its products, often through major architectural improvements that are not possible to backport to earlier versions of Windows.”

Windows 10 indeed provides stronger protection than past versions of Windows, especially if you’ve splurged on a Windows 10 Pro license. But the default security often isn’t enough in today’s hyper-connected world. Check out PCWorld’s guide to the best Windows antivirus software to see our picks for the most effective solutions. A solid AV program can’t block gaping security holes like this one, but it can detect and block the more commonplace malware you might encounter during day-to-day life.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Brad Chacos

Brad Chacos

PC World (US online)
Show Comments
Security Watch
Best NBN Plans
Best Mobile Plans

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Cate Bacon

Aruba Instant On AP11D

The strength of the Aruba Instant On AP11D is that the design and feature set support the modern, flexible, and mobile way of working.

Dr Prabigya Shiwakoti

Aruba Instant On AP11D

Aruba backs the AP11D up with a two-year warranty and 24/7 phone support.

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Featured Content

Product Launch Showcase

Back to topHome

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?