Microsoft fixes critical flaw in legacy Windows systems to prevent WannaCry-like attack


Microsoft has released fixes for a critical remote-code execution (RCE) flaw affecting older Windows installations that could have allowed malware to spread between machines without any user interaction.

The vulnerability has been described as 'wormable' which means that any future malware exploiting this could spread from machine to machine in a similar way to the infamous WannaCry attack in 2017.

The flaw lies in Remote Desktop Services, the component that lets users log into a Windows machine over the network, and affects legacy operating systems including Windows 7, Windows XP, Windows Server 2008, Windows Server 2008 R2 and Windows Server 2003.

Microsoft confirmed that the Remote Desktop Protocol itself is not vulnerable. The flaw is reachable before authentication, so an attacker needs no valid credentials, and it requires no user interaction on the target machine.

"While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware," the Microsoft Security Response Centre (MSRC) said.

"Customers running Windows 8 and Windows 10 are not affected by this vulnerability, and it is no coincidence that later versions of Windows are unaffected.

"Microsoft invests heavily in strengthening the security of its products, often through major architectural improvements that are not possible to backport to earlier versions of Windows."

Microsoft confirmed that machines running Windows 7, Windows Server 2008 R2 and Windows Server 2008, as well as those still on Windows XP and Windows Server 2003, are at risk from the flaw.

Patches for the in-support systems, Windows 7 and both Server 2008 iterations, are available via the Microsoft Security Update Guide, or through automatic updates.

Out-of-support systems, including Windows XP and Windows Server 2003, will also receive a special fix because of the severity of the issue. But the firm has advised all users who haven't yet upgraded to Windows 10 to do so as soon as possible, as this is "the best way to address this vulnerability".
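For administrators triaging which machines need attention first, the following PowerShell script is an added example, not code from the article or from Microsoft. It reports whether the host it runs on is one of the legacy versions the article lists as affected, whether Remote Desktop Services is running, whether anything is listening on the default RDP port (TCP 3389), and optionally whether a given update is installed. It uses Get-WmiObject and netstat rather than newer cmdlets so that it runs under PowerShell 2.0 on Windows 7 and Server 2008 R2. The -PatchKB parameter is a placeholder: the article does not name the update, so look up the KB number for your operating system in the Microsoft Security Update Guide and pass it in.

```powershell
# Added example (not from the article or Microsoft): triage one Windows host
# for exposure to the Remote Desktop Services flaw described above.
param(
    # Hypothetical placeholder: supply the real KB ID for your OS from the
    # Microsoft Security Update Guide, e.g. -PatchKB 'KBnnnnnnn'.
    [string]$PatchKB
)

# NT version prefixes of the product lines the article lists as affected:
# 5.1 = Windows XP, 5.2 = Windows Server 2003 (and XP x64),
# 6.0 = Windows Server 2008 (this prefix also matches Vista, which the
# article does not list), 6.1 = Windows 7 / Windows Server 2008 R2.
$affectedPrefixes = @('5.1.', '5.2.', '6.0.', '6.1.')

$os = Get-WmiObject -Class Win32_OperatingSystem
$osAffected = $false
foreach ($prefix in $affectedPrefixes) {
    if ($os.Version.StartsWith($prefix)) { $osAffected = $true }
}

# Remote Desktop Services runs as the TermService service.
$svc = Get-Service -Name TermService -ErrorAction SilentlyContinue
$rdsRunning = ($svc -ne $null -and $svc.Status -eq 'Running')

# netstat is used because Get-NetTCPConnection does not exist on
# Windows 7 / Server 2008 R2. Match a TCP socket bound to :3389 in LISTENING state.
$listening = $null -ne (netstat -ano -p TCP | Select-String -Pattern ':3389\s+.*LISTENING')

# Optional: check whether the supplied update is installed.
$patched = $null
if ($PatchKB) {
    $patched = $null -ne (Get-HotFix -Id $PatchKB -ErrorAction SilentlyContinue)
}

$result = New-Object PSObject -Property @{
    Computer          = $env:COMPUTERNAME
    OS                = $os.Caption
    Version           = $os.Version
    LegacyAffected    = $osAffected
    RdsRunning        = $rdsRunning
    Port3389Listening = $listening
    PatchInstalled    = $patched   # $null means no KB was supplied to check
}
$result | Format-List

# Highest priority: affected OS, RDS running, port exposed, update not confirmed.
if ($osAffected -and $rdsRunning -and $listening -and ($patched -ne $true)) {
    Write-Warning "Affected OS exposing Remote Desktop Services without a confirmed update: patch now, and restrict access to TCP 3389 until you have."
}
```

Run it locally with `.\rds-triage.ps1 -PatchKB 'KBnnnnnnn'` (your own file name and the real KB ID), or push it to legacy hosts through whatever remote-execution tooling you already have. Hosts that report LegacyAffected, RdsRunning and Port3389Listening all true and PatchInstalled false or blank are the ones to patch first; a machine where Remote Desktop Services is stopped or 3389 is firewalled off is still unpatched and still needs the update, but is not exposed to a network worm in the meantime.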

"It is highly likely that this vulnerability will be exploited in the wild in the near future as attackers develop exploit code," said Satnam Narang, senior research engineer at Tenable.

"It is critically important for organisations and system administrators to apply patches as soon as possible to reduce their risk of compromise."

The WannaCry ransomware epidemic affected countless machines across the world and, in the UK, became known for its devastating effects on the NHS. Research published in October estimated the cost to the health service at £92 million, and found that the outbreak spread primarily through unpatched Windows XP and Windows 7 machines.

Although Windows 7 is due to leave Microsoft's support cycle in January 2020, its market share only began to decline in earnest as recently as April.

Keumars Afifi-Sabet
Contributor

Keumars Afifi-Sabet is a writer and editor who specialises in the public sector, cyber security and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.