Microsoft has issued a critical Windows update to older machines to prevent a vulnerability which could allow attacks to spread in a similar way to WannaCry.
The computing giant has taken the drastic and unusual step of providing a fix to systems it no longer supports, including Windows XP – its popular operating system released almost 18 years ago.
Microsoft says the vulnerability affects a part of the Remote Desktop Services feature on some previous versions of Windows, which could allow devastating malware attacks to pass from vulnerable computer to vulnerable computer, as WannaCry did.
WannaCry notably hit parts of the NHS in May 2017, disrupting 80 trusts across England alone because they were either infected by the ransomware or had turned off their devices or systems as a precaution.
[Update: The official Microsoft announcement should have been included in the story. Please be aware this warning applies only to older versions of Windows; Windows 8 and 10 are not affected. (Hat tip to user "All Your Lawn Are Belong To Us") --martyb]
Related Stories
NSA warns Microsoft Windows users of cyber-attack risk
The US National Security Agency (NSA) has warned Microsoft Windows users to make sure they are using updated systems to guard against cyber-attacks.
US officials and Microsoft executives say older versions of the programs may be vulnerable to malware. In the advisory, NSA officials said a flaw known as "BlueKeep" exists in past editions of Microsoft Windows.
Last week Microsoft warned that "some older versions of Windows" could be vulnerable to cyber-attacks. "All customers on affected operating systems [Windows 7 and earlier] should update as soon as possible," said Microsoft.
US officials said the "BlueKeep" flaw could leave computers vulnerable to infection by viruses through automated attacks or by the downloading of malicious attachments.
According to HelpNetSecurity:
An unauthenticated BlueKeep network scanner tool has been released and so has a Metasploit module for unauthenticated checking for the vulnerability.
And, from ZDNet:
Intense scanning activity detected for BlueKeep RDP flaw. A threat actor hidden behind Tor nodes is scanning for Windows systems vulnerable to BlueKeep flaw.
Also at Gizmodo.
Official entry on the Common Vulnerabilities and Exposures database: CVE-2019-0708.
Previously:
Microsoft Issues Urgent Windows XP Patch to Prevent WannaCry-Style Attack
Why a Windows Flaw Patched Nine Days Ago is Still Spooking the Internet
(Score: 2) by martyb on Thursday May 16 2019, @01:10PM (7 children)
Is there a way for me to totally turn off RDS?
I have never before used RDS and do not intend to start, so it is just a service taking up storage, memory and cycles if it is active.
Has anyone here done this? Links or step-by-step instructions welcome! I'm specifically talking about Win 7 Pro x64, but if there is a general solution I'm sure there must be others who are interested, too.
Wit is intellect, dancing.
(Score: 4, Funny) by c0lo on Thursday May 16 2019, @01:14PM
There [freebsd.org], Satisfaction guaranteed!
https://www.youtube.com/watch?v=aoFiw2jMy-0
(Score: 4, Informative) by bzipitidoo on Thursday May 16 2019, @02:16PM (1 child)
Really? Ahh such purity! Don't use Windows, even a little bit, never feel forced to muck about with it because someone else just has to have that game or office or tax software or whatever?
Yes, I've turned off RDS before. You can get to the whole list of Windows services through the Control Panel. On Windows 8.1, it's Control Panel -> System and Security -> Administrative Tools -> Services. There are several Remote Desktop services, and they can all be set to manual, or if you're feeling extra hatred of such misfeatures, disabled. Remote Registry is another one that's good to shut down. And hey, if you're not using Windows networking, just need the TCP/IP stack, you can turn off the Server and Workstation services as well. Lots of other services can be stopped. Not doing any printing from that machine? Shut off the Print Spooler!
Windows 7 should be nearly the same or the same, as I recall, but M$ is forever rearranging the menus.
(Score: 2) by RS3 on Thursday May 16 2019, @03:01PM
I had started a long reply but you've covered much. Yes, MS keeps rearranging things trying to fool people into thinking the newest Windows is so much different and better. Win10 pops up most of the same applets / snapins that look like XP / 2000. I like that they're still there, but it's tedious to keep remembering where they are depending on Windows version.
I'll add: go into Control Panel -> Administrative Tools -> Services and turn OFF the basic Remote Desktop Services services (for example: I always turn OFF all SSDP and UPnP stuff, but always check Dependencies - you may break a critical service.)
All Windows versions I've installed (all of them really except Vista) have Remote Desktop disabled, but "Remote Assistance" is enabled, and I always disable it.
I'll also add: if you're behind a firewall, and most router / gateways are firewalls, and it's configured properly (no open ports from Internet) you should have no worries.
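The Services-applet steps from the two comments above, including the Dependencies check, as a script. This is an added example, not code from any poster; the service short names, registry values and port 3389 are the stock Windows 7 defaults and are assumed here.

```powershell
# Added example: audit (default) or disable the Remote Desktop services on one machine.
# Save as a .ps1 file and run from an elevated prompt; pass -Apply to make changes.
param([switch]$Apply)

# Short names of the Remote Desktop entries shown in services.msc (assumed Windows 7 defaults).
$rdServices = 'TermService', 'UmRdpService', 'SessionEnv'
$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$raKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'

foreach ($name in $rdServices) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) { Write-Output "$name : not installed"; continue }

    # The Dependencies check: every service listed here stops working with this one.
    $dependents = @($svc.DependentServices | ForEach-Object { $_.Name }) -join ', '
    Write-Output ("{0,-13} status={1,-8} dependents=[{2}]" -f $name, $svc.Status, $dependents)

    if ($Apply) {
        Set-Service -Name $name -StartupType Disabled
        # -Force also stops the dependents reported above.
        if ($svc.Status -ne 'Stopped') { Stop-Service -Name $name -Force }
    }
}

if ($Apply) {
    # 1 = refuse incoming Remote Desktop connections; 0 = do not offer Remote Assistance.
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
    Set-ItemProperty -Path $raKey -Name fAllowToGetHelp -Value 0
}
$deny = (Get-ItemProperty -Path $tsKey).fDenyTSConnections
$help = (Get-ItemProperty -Path $raKey).fAllowToGetHelp
Write-Output "fDenyTSConnections=$deny  fAllowToGetHelp=$help"

# Confirm nothing is still listening on the default RDP port (TCP 3389).
$listening = netstat -an | Select-String -Pattern ':3389\s.*LISTENING'
if ($listening) {
    Write-Output 'TCP 3389 is still listening:'
    $listening
} else {
    Write-Output 'No listener on TCP 3389.'
}
```

Run it once without `-Apply` to read the dependents column before disabling anything.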
(Score: 4, Informative) by Spamalope on Thursday May 16 2019, @02:21PM
start->run->msconfig
You can uncheck services/startups from there.
(Score: 3, Informative) by Runaway1956 on Thursday May 16 2019, @04:26PM
http://www.blackviper.com/ [blackviper.com] http://www.blackviper.com/service-configurations/black-vipers-windows-7-service-pack-1-service-configurations/ [blackviper.com]
I don't see the WinXP stuff - I guess he no longer supports XP. But, RDS hasn't changed since Win2K. Just shut it off.
Abortion is the number one killed of children in the United States.
(Score: 3, Informative) by Runaway1956 on Thursday May 16 2019, @04:32PM
I just didn't look far enough into the menu - http://www.blackviper.com/service-configurations/black-vipers-windows-xp-pro-x64-64-bit-service-pack-2-service-configurations/ [blackviper.com]
Abortion is the number one killed of children in the United States.
(Score: 0) by Anonymous Coward on Thursday May 16 2019, @07:31PM
I haven't seen any mitigation mention turning off the service. The bad file, termdd.sys, seems to be embedded deeply enough that it can't be turned off. For example, Fast-User Switching uses Terminal Services. I'm looking at XP, and even with all remote turned off in the System Properties, Terminal Services is still being started from the default setting of Manual Start.
(Score: -1, Offtopic) by Anonymous Coward on Thursday May 16 2019, @01:36PM (4 children)
Micro$oft just doesn't care.
(Score: 3, Informative) by EvilSS on Thursday May 16 2019, @02:36PM
(Score: 1, Offtopic) by Runaway1956 on Thursday May 16 2019, @04:34PM (2 children)
Win95 was obsolete BEFORE WinXP was released. You should have upgraded to Win2K when you had the chance.
Abortion is the number one killed of children in the United States.
(Score: 0) by Anonymous Coward on Thursday May 16 2019, @08:43PM (1 child)
Nah, the upgrade from 95 was to 98SE, just about everything worked better. We still have a large format scanner-copier (and fax) that is connected to a Win98SE Thinkpad. Not used too often, but works great when needed.
It's not connected to the internet, sneakernet only for transferring the 11"x17" scans.
(Score: 0) by Anonymous Coward on Friday May 17 2019, @08:15AM
Just a reminder that the air gap method only works so far. https://en.wikipedia.org/wiki/Stuxnet [wikipedia.org]
(Score: 2) by All Your Lawn Are Belong To Us on Thursday May 16 2019, @02:08PM (2 children)
Something the summary should have made note of. Microsoft's announcement [microsoft.com], while preening a little about how great they are, noted that Windows 8 and 10 are not affected. TFA said the same thing, and even though the summary and article focus are about how they released a patch for XP this should have been noted in the summary IMVHO.
This sig for rent.
(Score: 3, Informative) by martyb on Thursday May 16 2019, @03:12PM (1 child)
Thanks for the clarification! Story updated... please give the site a couple minutes for the change to work its way through the cache.
Wit is intellect, dancing.
(Score: 0) by Anonymous Coward on Thursday May 16 2019, @04:31PM
Muchos gracias! :)
(Score: 1, Funny) by Anonymous Coward on Friday May 17 2019, @02:33AM
Microsoft: Hey everyone, our current OS offerings are safe but there's a nasty XP bug going around.
Microsoft: We wouldn't normally do this but here's a patch for that old-ass OS we stopped supporting years ago.
Dog+world: Awesome, so I'm completely safe from the RDP thing now?
Microsoft: Yep, you're all set.
Dog+world: Great!
Microsoft: Well, you're safe from that threat.
Microsoft: I mean, you're using XP so you're still f*cked but at least it won't be because of RDP.
Dog+world: So you fixed a single vulnerability for my zombie OS that's riddled with gaping holes?
Microsoft: Correct, we got you covered, don't even trip dawg...
Microsoft: But if you want to be certain, you'll need to upgrade to Windows 10 (did we mention it's safe)?
Dog+world: Doh!
Windows 7 end-of-life is fast approaching and this feels like routine cattle herding. Expect a sloppy repeat of GWX soon...?
(Score: 2) by lentilla on Friday May 17 2019, @05:44AM
Honest to goodness, which part about "the product is no longer supported" is so hard for people to understand? Anyone who is running XP and is not air-gapped, WiFi physically removed and the ethernet port filled with hot glue is a right and proper fool.
Yes, I realise the boss wants it connected to the network because it's "business critical" but we have been telling "the boss" for over twenty years now that running anything business critical on Microsoft systems carries a non-insignificant business risk.
I realise there are curmudgeonly types that are busy saying "XP and IE6 worked fine for me and there is no reason to upgrade" and they would be wrong. Very wrong. The software may be expected to do the same tasks but the environment is vastly different. To expect to use antique software on a modern network is like expecting that your toddler will be A-OK after spending Friday night in a biker bar instead of daycare.
Frankly, this is an excellent example where you let the systems get pawned and then say "I told you so".