Published: Wed, May 15, 2019
Electronics | By Kelly Massey

"Wormable" Bug Could Enable Another WannaCry

Microsoft today is taking the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003, citing the discovery of a "wormable" flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017.

Security updates to Internet Explorer, Microsoft Scripting Engine, Microsoft Edge, Windows Storage and Filesystems, Microsoft Graphics Component, Windows App Platform and Frameworks, Windows Cryptography, Windows Datacenter Networking, Windows Server, Windows Virtualization, Windows Kernel, and the Microsoft JET Database Engine.

The vulnerability is "wormable", according to Microsoft, which means that no user interaction is required for their system to be exploited, and affected systems are capable of propagating the virus to other at-risk computers and networks around the world. Those using out-of-support systems (like Windows 2003 and Windows XP), can download the KB4500705 update in which Microsoft has implemented the necessary security fixes.

Customers running Windows 8 and Windows 10 are not affected by this vulnerability.

"Microsoft invests heavily in strengthening the security of its products, often through major architectural improvements that are not possible to backport to earlier versions of Windows", Pope said. "It is for these reasons that we strongly advise that all affected systems - irrespective of whether NLA is enabled or not - should be updated as soon as possible", Pope said.

This time a year ago stats put Windows 7, which was first released back in 2009, ahead of the newer Windows 10 OS. This measure would stop worms as long as attackers don't have valid credentials for authentication on vulnerable systems.

Barr Tabs Special Prosecutor to Look Into Origins of Russia Hoax
Durham was nominated by Trump in 2017 after serving as a lawyer within the Justice Department since 1982, according to The Times. Trump selected him to be the US attorney in CT , and he was confirmed by the Senate in 2018.

But as these stats shown, even though Windows 10 has overtaken Windows 7 there is still a considerable chunk of PC users running the older OS.

Microsoft also issued mitigation guidance for the latest hardware design flaws affecting Intel processors that allow so-called Microarchitectural Data Sampling (MDS) attacks.

Microsoft's May 2019 Patch Tuesday fixed 79 vulnerabilities, 19 of which are classed as Critical.

The new patch offered by Microsoft fixes the way how Remote Desktop Services handle connection requests.

Fixing the MDS side-channel vulnerabilities will require micro-code updates from Intel for processors, along with updates to operating systems and hypervisors.

Like this: