/?pid=20808

Updated:04:43 PM EST Dec 02
this is ggmania.com subsite

NEWS
rss feed 
 
top 100
archive
ARTICLES
CD/DVD tools
Free Antivir
Security
Drivers
Utilities
FORUMS
LINKS


(C) 2006-2025 TechAmok Independent
All Rights Reserved.


 
 Wormable Windows bug could lead to another WannaCry - TechAmok

Wormable Windows bug could lead to another WannaCry - [security]
05:25 PM EDT - May,14 2019 - post a comment

Microsoft is warning that the Internet could see another exploit with the magnitude of the WannaCry attack that shut down computers all over the world two years ago unless people patch a high-severity vulnerability. The software maker took the unusual step of backporting the just-released patch for Windows 2003 and XP, which haven't been supported in four and five years, respectively. "This vulnerability is pre-authentication and requires no user interaction," Simon Pope, director of incident response at the Microsoft Security Response Center, wrote in a published post that coincided with the company's May Update Tuesday release. "In other words, the vulnerability is wormable, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware."

As if a self-replicating, code-execution vulnerability wasn't serious enough, CVE-2017-0708 (as the flaw in Windows Remote Desktop Services is indexed) requires low complexity to exploit. Microsoft's Common Vulnerability Scoring System Calculator scores that complexity as 3.9 out of 10. (To be clear, the WannaCry developers had potent exploit code written by, and later stolen from, the National Security Agency, to exploit the wormable CVE-2017-0144 and CVE-2017-0145 flaws, which had exploit complexities rated as "high.") Ultimately, though, developing reliable exploit code for this latest Windows vulnerability will require relatively little work.

Bartholomew said network firewalls and other defenses that block the RDP service would effectively stop the attack from happening. But as the world learned during the WannaCry attacks, those measures often fail to contain damage that can collectively cost billions of dollars. Independent researcher Kevin Beaumont, citing queries on the Shodan search engine of Internet-connected computers, said here that about 3 million RDP endpoints are directly exposed.

Besides Windows 2003 and XP, CVE-2019-0708 also affects Windows 7, Windows Server 2008 R2, and Windows Server 2008. In a testament to Microsoft's steadily improving security, later versions of Windows aren't at risk.


Add your comment (free registrationrequired)

Short overview of recent news articles

Dec,02 2025 Samsung Galaxy Z TriFold Unboxing!
Nov,30 2025 Top 5 Best CPUs of 2025
Nov,30 2025 Google Adding AirDrop to Android
Nov,29 2025 20 TOP ALIEXPRESS products for BLACK FRIDAY
Nov,26 2025 Stop Wasting Money on Premium Monitors
Nov,23 2025 The Blackest Friday - Tech News Nov 23
Nov,23 2025 T-Roc: Will this new VW be the best car of 2026?
Nov,23 2025 Can I build my own Steam Machine?
Nov,22 2025 50 NEXT-LEVEL Gadgets Every Man NEEDS to See
Nov,22 2025 RETURN TO SILENT HILL Trailer (2026)
Nov,20 2025 I was WRONG about the Porsche 911 GT3 (or was I?)
Nov,20 2025 Pi GPT Tool Turns Raspberry Pi into a ChatGPT-Powered Smart Device
Nov,17 2025 Rainbow Six Siege X - Official 'Team Rainbow's Last Mission'
Nov,17 2025 Stranger Things Seasons 1-4 Recap
Nov,16 2025 Kill Bill: The Whole Bloody Affair - Official Trailer (2025) Uma
Nov,15 2025 The Devil Wears Prada 2 - Official Teaser Trailer (2026) Meryl
Nov,15 2025 Valve’s New Console and Controller - STEAM Machine & STEAM
Nov,15 2025 Valve Steam Machine, Desktop SteamOS, Steam Frame VR, & Controller |
Nov,01 2025 Battlefield REDSEC - Official Live-Action Trailer
Nov,01 2025 What's the Best PC Upgrade (besides CPU/GPU)?
Oct,31 2025 Directive 8020 - RTX On Trailer
Oct,30 2025 Stranger Things 5 - Official Trailer
Oct,29 2025 AMD Releases Software Adrenalin Edition 25.10.2 WHQL Drivers
Oct,29 2025 Exploding AMD CPUs | Investigating ASRock's Murderboards
Oct,29 2025 Setting Up Our First Huge Gaming Event was CHAOS
Oct,27 2025 Malware of the Future: What an infected system looks like in 2025
Oct,27 2025 F1: Race Highlights | 2025 Mexico City Grand Prix
Oct,26 2025 F1: Qualifying Highlights | 2025 Mexico City Grand Prix
Oct,25 2025 New Big Windows 11 25H2 October Update - New Taskbar Battery Icons
Oct,25 2025 Apple Prepping 'Transfer to Android' Feature, Including 3rd-Party
Oct,24 2025 HW News - RIP Internet, RAM Prices Skyrocket from AI Demand, Intel
Oct,21 2025 Retro Gaming PC Upgrades go WRONG!
Oct,21 2025 How social media has ruined us - the more time you spend online, the
Oct,20 2025 FERRARI 12 CILINDRI // 340KMH REVIEW on AUTOBAHN
Oct,20 2025 ROG Xbox Ally X - a PC Gamer's Perspective
Oct,20 2025 Race Highlights | 2025 United States Grand Prix
Oct,18 2025 RedMagic Puts Liquid Cooling in its New Gaming Phone
Oct,18 2025 Russia Says U.S. Is Planning a $37 Trillion Crypto Reset
Oct,18 2025 Tor Browser says no to Firefox's AI features as it removes them
Oct,14 2025 NVIDIA GeForce 581.57 WHQL Driver
>> News Archive <<

TechAmok - Privacy Policy        loading time:0.01secs