Specifically, this vulnerability is "wormable", or able to propagate from one vulnerable PC to another, and without user interaction. The vulnerability, he said, "should be the highest priority patching because, in addition to the wormable capabilities in this exploit, many modern ransomware variants, such as Dharma, Robbinhood, and CrySIS, often use vulnerable RDP servers to gain access to victim networks". However, affected systems are still vulnerable to Remote Code Execution (RCE) exploitation if any attacker somehow has valid credentials.
"We are taking the unusual step of providing a security update for all customers to protect Windows platforms, including some out-of-support versions of Windows", the Microsoft Security Response Team wrote in a blog posting today.
"It is important that affected systems are patched as quickly as possible to prevent such a scenario from happening", said Simon Pope, director of incident response at Microsoft.
For highly likely, read absolutely certain: a malware propagation method like this is going to be appearing very soon since it's a low-priced, highly effective way of spamming out ransomware and trojans.
There are download links to the appropriate updates found at the foot of this page for those still using any of the following operating systems: Windows 7, Windows 2008 R2, Windows 2008, Windows 2003 or Windows XP. Windows 8 and 10 are unaffected, but there's still a vast pool of older systems out there that could be hit if left unpatched.
Man busted for strapping dead wife into passenger seat during road trip
Enrique Carrillo said authorities there didn't receive any earlier reports of suspicious activity involving the couple. Linda was issued a protective order from her husband on February 6 and it was continued Monday, records show.
Sri Lanka blocks social media and imposes curfew after anti-Muslim attacks
In a televised address, Police Chief Chandana Wickramaratne warned that officers would respond to rioters with maximum force. The country's North-Western province, where the worst violence flared, will be shut down for longer, police said.
Vladimir Putin Says Wants To "Fully Restore" Russia-US Ties
A Kremlin spokesperson rejected the notion that Putin's schedule was an intentional "message" for the US administration. Putin told Pompeo his recent telephone conversation with Trump raised hopes for an improvement in relations.
Windows 7 and its server-based siblings naturally get patches for this, since those operating systems are officially supported until January 2020. In particular there's fixes out for the information-leaking family of Microarchitectural Data Sampling (MDS) security flaws in Intel processors revealed this week. These include CVE-2019-0725, a vulnerability in Windows Server's DHCP server.
As always, users are recommended to install these security updates as soon as possible, and to prioritize the patches targeting flaws already being exploited out in the wild.
Microsoft's patch joins other fixes from companies including Apple and Google.
Patches for a mammoth 84 flaws were released for Adobe Acrobat and Reader on Windows and MacOS, so head to APSB19-18 for details.