Microsoft and RDP


Post by Royal » Wed May 15, 2019 8:08 am

Microsoft warns wormable Windows bug could lead to another WannaCry
Company takes the unusual step of patching Win 2003 and XP. 7, Server 2008 and 2008 R2 also vulnerable.
Dan Goodin - 5/14/2019, 1:48 PM


Microsoft is warning that the Internet could see another exploit with the magnitude of the WannaCry attack that shut down computers all over the world two years ago unless people patch a high-severity vulnerability. The software maker took the unusual step of backporting the just-released patch for Windows 2003 and XP, which haven’t been supported in four and five years, respectively.

“This vulnerability is pre-authentication and requires no user interaction,” Simon Pope, director of incident response at the Microsoft Security Response Center, wrote in a published post that coincided with the company’s May Update Tuesday release. “In other words, the vulnerability is ‘wormable,’ meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.”

...

Tod Beardsley, director of research at security firm Rapid7, said an alternate Internet scanner, BinaryEdge, shows there are an estimated 16 million endpoints exposed to the Internet on TCP ports 3389 and 3388, which are typically reserved for RDP.

"A pre-authentication RCE in RDP is a pretty big deal," Beardsley wrote in an email. "While we are often giving the standard advice of not exposing RDP to the Internet, many still do (usually by accident). Much of the attack traffic we see against RDP appears to be directed specifically at point-of-sale systems, so I expect there are a fair number of out-of-support cash registers with RDP exposed to the internet."


https://arstechnica.com/information-tec ... -wannacry/

