In a somewhat out-of-character move, Microsoft has released a security update for Windows XP, an OS that's officially out of support. The tech giant released a statement on Tuesday about a Remote Code Execution (RCE) vulnerability in older versions of Windows. The flaw is present in Remote Desktop Services and affects Windows Server 2008 and 2003, Windows 7, and Windows XP.

Frighteningly, the vulnerability is pre-authentication and requires no user interaction. This means attackers could craft ‘wormable’ malware that spreads across devices.

“Any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017,” explained Microsoft in a support article. “While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.”

WannaCry spread quickly across the globe last year after starting in the United Kingdom and Spain. At its peak, it had infected over 230,000 computers, locking them down unless users paid a ransom. It affected a swathe of important organizations, from Britain's National Health Service to FedEx and Telefonica.

There's no indication that malware targeting the new vulnerability is currently spreading, but Microsoft warns that it could if users don't act. In-support customers with automatic updates enabled will already be protected, and those with automatic updates turned off can get the update via the normal route.
Microsoft Patches Unsupported Windows XP over Fears of Wormable WannaCry-like Malware
A major vulnerability in older versions of Microsoft's OS has prompted the tech giant to patch Windows XP. Left unpatched, it could be used to spread malware between devices.