/?pid=20808

Updated:05:07 PM EDT Jul 31
this is ggmania.com subsite

NEWS
rss feed 
 
top 100
archive
ARTICLES
CD/DVD tools
Free Antivir
Security
Drivers
Utilities
FORUMS
LINKS


(C) 2006-2025 TechAmok Independent
All Rights Reserved.


 
 Wormable Windows bug could lead to another WannaCry - TechAmok

Wormable Windows bug could lead to another WannaCry - [security]
05:25 PM EDT - May,14 2019 - post a comment

Microsoft is warning that the Internet could see another exploit with the magnitude of the WannaCry attack that shut down computers all over the world two years ago unless people patch a high-severity vulnerability. The software maker took the unusual step of backporting the just-released patch for Windows 2003 and XP, which haven't been supported in four and five years, respectively. "This vulnerability is pre-authentication and requires no user interaction," Simon Pope, director of incident response at the Microsoft Security Response Center, wrote in a published post that coincided with the company's May Update Tuesday release. "In other words, the vulnerability is wormable, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware."

As if a self-replicating, code-execution vulnerability wasn't serious enough, CVE-2017-0708 (as the flaw in Windows Remote Desktop Services is indexed) requires low complexity to exploit. Microsoft's Common Vulnerability Scoring System Calculator scores that complexity as 3.9 out of 10. (To be clear, the WannaCry developers had potent exploit code written by, and later stolen from, the National Security Agency, to exploit the wormable CVE-2017-0144 and CVE-2017-0145 flaws, which had exploit complexities rated as "high.") Ultimately, though, developing reliable exploit code for this latest Windows vulnerability will require relatively little work.

Bartholomew said network firewalls and other defenses that block the RDP service would effectively stop the attack from happening. But as the world learned during the WannaCry attacks, those measures often fail to contain damage that can collectively cost billions of dollars. Independent researcher Kevin Beaumont, citing queries on the Shodan search engine of Internet-connected computers, said here that about 3 million RDP endpoints are directly exposed.

Besides Windows 2003 and XP, CVE-2019-0708 also affects Windows 7, Windows Server 2008 R2, and Windows Server 2008. In a testament to Microsoft's steadily improving security, later versions of Windows aren't at risk.


Add your comment (free registrationrequired)

Short overview of recent news articles

Jul,31 2025 Threadripper 64 Core MONSTER - Holy S#!T!
Jul,28 2025 HW News - Gigabyte's Motherboard Mess, Linux Gains Market Share,
Jul,27 2025 Samsung Z Fold 7 Durability Test - The End is Near
Jul,27 2025 Silent Night, Deadly Night - Exclusive Trailer
Jul,27 2025 I Bought a Giant Video Wall on Craigslist!
Jul,26 2025 My Turn: Lamborghini Revuelto // Nurburgring
Jul,26 2025 F1: Qualifying Highlights | 2025 Belgian Grand Prix
Jul,26 2025 F1: Sprint Qualifying Highlights | 2025 Belgian Grand Prix
Jul,26 2025 I am biased against this laptop - Razer Blade 18
Jul,26 2025 PRISONER OF WAR - Official Trailer | Starring Scott Adkins | In
Jul,24 2025 Battlefield 6 reveal trailer
Jul,22 2025 Samsung Galaxy Z Fold 7 - Two Week Review
Jul,21 2025 Killer 4K 240Hz QD-OLED for just £750: MSI MPG 272URX
Jul,20 2025 LAMBORGHINI URUS *STAGE 1* // REVIEW on AUTOBAHN
Jul,20 2025 THE BEST VW GOLF GTI I've Driven! Proper ClubSport
Jul,19 2025 Intel Core Ultra 9 275HX vs AMD Ryzen 9 9955HX - Which CPU is Best?
Jul,18 2025 LAMBORGHINI REVUELTO V12 // 370KMH REVIEW on UNLIMITED AUTOBAHN!
Jul,18 2025 Mortal Kombat II - Official Trailer
Jul,17 2025 Stranger Things 5 - Official Teaser
Jul,14 2025 Google Is Selling Fake Products - WAN Show July 11, 2025
Jul,12 2025 Hacked by playing Call of Duty WW2 on Gamepass?
Jul,12 2025 2025 VW Golf GTE // TOP SPEED REVIEW on AUTOBAHN
Jul,11 2025 NEW Audi RS3 v cheapest used RS3: DRAG RACE
Jul,10 2025 A critical security vulnerability in Microsoft Remote Desktop Client
Jul,10 2025 Samsung Z Fold/Flip 7 Impressions: Major Upgrades!
Jul,08 2025 Gmail's latest feature helps you get rid of those pesky emails from
Jul,06 2025 I'm an idiot and still made top 5... here's how
Jul,05 2025 The Fantastic Four: First Steps - Official 'Lift Off' Teaser
Jul,04 2025 Samsung Galaxy Z Fold 7 - Hands on Look
Jul,04 2025 RTX 5070 Ti vs RTX 5080 - Is 5080 Gaming Laptop Worth More $$$?
Jul,04 2025 FIRST DRIVE: Praga Bohema - Crazy Hypercar Driven!
Jul,03 2025 Ballerina - Exclusive John Wick Deleted Scene (2025) Keanu Reeves,
Jul,03 2025 Call of Duty: WWII - Remote Code Execution Warning (PC Game Pass)
Jul,02 2025 1014HP Lamborghini REVUELTO 369KMH TOP SPEED POV on AUTOBAHN
Jul,01 2025 Nvidia Drivers (V 576.80 vs V 576.88) - Test In 12 Games - RTX 4060
Jun,30 2025 AMD Adrenalin 25.6.3 Driver Is Available
Jun,30 2025 NVIDIA GeForce RTX 5080 SUPER Could Feature 24 GB Memory, Increased
Jun,29 2025 Guess What Nvidia Did THIS Time
Jun,28 2025 The 10 Best Dinosaur Movies of All Time
Jun,28 2025 Microsoft officially confirms that Windows 11 version 25H2 is coming
>> News Archive <<

TechAmok - Privacy Policy        loading time:0.01secs