Microsoft releases patch for Windows 7 and XP to prevent ‘new WannaCry’

Microsoft has released a patch that fixes a vulnerability in Remote Desktop Services. The company says it wants to ‘prevent another attack like WannaCry’. The patch will only be released for older Windows versions, including Windows 7 and XP.

This is a vulnerability that allows remote code execution in Remote Desktop Services. No user intervention is required. That’s why Microsoft likens its potential impact to that of WannaCry, the disastrous ransomware that struck in 2017, shutting down hundreds of businesses for a long time.

The vulnerability is only in older versions of Windows. Specifically, it concerns Windows XP and Windows 7, and Windows Server 2003, 2008, and 2008 R2. The more modern Windows 8 and Windows 10 are not affected. Windows XP has been out of security updates since 2014, but due to the severity of the vulnerability, Microsoft is now making an exception. Windows XP is still used in many companies and governments because it is expensive or too complicated to upgrade to a newer Windows version. XP users will have to manually download the update. With Windows 7 this is automatic.

Microsoft says it has yet to see any evidence that the vulnerability has been actively exploited. According to the company, the Remote Desktop Protocol itself is still secure. RDP and RDS are increasingly being used to spread ransomware, according to security experts. This allows a worm to easily spread to other computers and infect an entire network, in the same way that WannaCry did. That ransomware exploited a vulnerability in Server Message Block.