If you are still running a network-connected copy of Windows XP or Windows Server 2003 (or, for that matter, Windows 7, Windows Server 2008 or 2008 R2), Microsoft has pushed out an urgent patch for those operating systems to close a remotely exploitable bug in Remote Desktop Services that could be turned into a worm as damaging as WannaCry.
According to the Microsoft advisory for CVE-2019-0708, "an attacker would need to send a specially crafted request to the target system's Remote Desktop Service via RDP" to execute code remotely on the machine. Because no authentication or user interaction is required, an exploit could spread from computer to computer like wildfire, compromising every reachable host along the way.
Microsoft notes that the flaw is not in the RDP protocol itself but in the Remote Desktop Services implementation.
"The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is 'wormable', meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017," according to a Microsoft Security Response Center (MSRC) blog post.
Fortunately, the vulnerability, which does not affect Windows 8.1 or Windows 10, has not yet been seen exploited in the wild, but now that the patch is public it is surely only a matter of time before it is reverse engineered into a working exploit.
Find the patch for Windows XP and Server 2003 here. The supported operating systems receive the fix through the usual Patch Tuesday cycle.
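The practical question for an administrator is whether a given host sits in the affected OS families listed above and whether its RDP service is actually reachable. The following triage script is an added example, not code from the article or from Microsoft. It assumes the affected/unaffected split exactly as the article states it (XP, Server 2003, 7, 2008 and 2008 R2 affected; 8.1 and 10 not), reads the standard Terminal Server registry keys, and parses netstat so it runs under the PowerShell 2.0 that ships with Windows 7. The KB numbers are not given in the article, so they are left as a list you fill in from the Microsoft advisory for your OS. The Network Level Authentication check is outside the article; it is included because Microsoft's guidance for this CVE names NLA as a partial mitigation, since it forces authentication before the pre-authentication code path can be reached.

```powershell
# Added triage check for CVE-2019-0708 exposure (example code, not from the article or Microsoft).
# Run in an elevated PowerShell; uses only PowerShell 2.0-era cmdlets so it works on Windows 7/2008.

# Fill these in from the Microsoft advisory for your OS; the article does not list them.
$KBs = @()

$os    = Get-WmiObject -Class Win32_OperatingSystem
$ver   = [version]$os.Version                 # e.g. 6.1.7601 on Windows 7 SP1
$major = "$($ver.Major).$($ver.Minor)"

# Version-to-family mapping. The Affected flag follows the article's list.
# Vista shares the 6.0 kernel with Server 2008 but is not named in the article.
$families = @{
    '5.1'  = @{ Name = 'Windows XP';                    Affected = $true  }
    '5.2'  = @{ Name = 'Windows Server 2003 / XP x64'; Affected = $true  }
    '6.0'  = @{ Name = 'Windows Server 2008 (or Vista)'; Affected = $true }
    '6.1'  = @{ Name = 'Windows 7 / Server 2008 R2';    Affected = $true  }
    '6.2'  = @{ Name = 'Windows 8 / Server 2012';       Affected = $false }
    '6.3'  = @{ Name = 'Windows 8.1 / Server 2012 R2';  Affected = $false }
    '10.0' = @{ Name = 'Windows 10 / Server 2016+';     Affected = $false }
}
$fam = $families[$major]
if (-not $fam) { $fam = @{ Name = "Unknown ($($os.Version))"; Affected = $null } }

# Is Remote Desktop enabled at all? fDenyTSConnections = 1 means connections are refused.
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -ErrorAction SilentlyContinue
$rdpEnabled = ($ts -ne $null) -and ($ts.fDenyTSConnections -eq 0)

# Which port is RDP configured on (3389 unless PortNumber was changed), and is it listening?
$port   = 3389
$rdpTcp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -ErrorAction SilentlyContinue
if ($rdpTcp -and $rdpTcp.PortNumber) { $port = $rdpTcp.PortNumber }
$listening = (netstat -ano | Select-String -Pattern "TCP\s+\S+:$port\s+\S+\s+LISTENING") -ne $null

# NLA required? (UserAuthentication = 1). Partial mitigation per Microsoft's guidance, not a fix.
$nla = ($rdpTcp -ne $null) -and ($rdpTcp.UserAuthentication -eq 1)

# Is one of the listed hotfixes installed? Empty $KBs means "not checked".
$patched = $null
if ($KBs.Count -gt 0) {
    $patched = (Get-HotFix | Where-Object { $KBs -contains $_.HotFixID }) -ne $null
}

$report = New-Object PSObject -Property @{
    OS               = $fam.Name
    Version          = $os.Version
    InAffectedFamily = $fam.Affected
    RDPEnabled       = $rdpEnabled
    Listening        = $listening
    Port             = $port
    NLARequired      = $nla
    PatchInstalled   = $patched
}
$report | Format-List

# Verdict: an affected host with RDP listening and no confirmed patch is the wormable case.
if ($fam.Affected -and $listening -and ($patched -ne $true)) {
    Write-Warning "Exposed to CVE-2019-0708: install the update or block TCP/$port from untrusted networks now."
    if (-not $nla) { Write-Warning "NLA is off; enabling it raises the bar until the patch is applied." }
} elseif ($fam.Affected -eq $false) {
    Write-Host "OS family not affected per the advisory; nothing to do for this CVE."
}
```

Run it on each host that still shows up as XP, 2003, 7 or 2008 in your inventory; the netstat parse also catches hosts where RDP was moved off 3389, which a simple port scan for 3389 would miss.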