Microsoft pushes patch to prevent ‘WannaCry level’ vulnerability
Threat Intelligence Team
This month marks the two-year anniversary of the infamous WannaCry attack. As an anniversary present to the world, Microsoft has pushed out patches to secure a newly identified Remote Desktop Protocol (RDP) vulnerability found in certain Windows operating systems.
The potential damage of the newly discovered RDP vulnerability matches the dangers we experienced with the WannaCry ransomware, malware that used weaponized vulnerabilities to infect systems across the globe, basically acting as a worm. This RDP vulnerability allows attackers to execute code on the targeted system without needing to infect the system first.
So, worst-case scenario? A WannaCry wannabe will quickly spread malware across the world, exploiting vulnerable systems and sending everyone into a panic.
https://www.youtube.com/watch?v=IEAtGCkbq5Y
How to patch the vulnerability
So how do you fix this? Luckily, Microsoft has released patches for the vulnerable operating systems, which include most operating systems pre-Windows 8:
- Windows 7 for 32-bit Systems Service Pack 1
- Windows 7 for x64-based Systems Service Pack 1
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
- Windows Server 2008 for Itanium-Based Systems Service Pack
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
- Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
- Windows XP SP3 x86
- Windows XP Professional x64 Edition SP2
- Windows XP Embedded SP3 x86
- Windows Server 2003 SP2 x86
- Windows Server 2003 x64 Edition SP2
Anyone who is running Windows 8, 10, or any of the modern Windows Server operating systems is not vulnerable to this threat.
If you have one of the aforementioned operating systems currently running and connected to the Internet, you’ll need to update as soon as possible. Not all of these operating systems are out of Microsoft support, and those with automatic updates enabled should already be patched.
However, if you are unable to enable automatic updates, or you are still running Windows XP and/or Windows Server 2003, you’ll need to download the patch and manually execute it.
For those of you who need to update manually, just click on the operating system you are working with and you’ll be taken to the Microsoft patch download page, which has the patches you need to download.
https://twitter.com/GossiTheDog/status/1128348383704485895
Security researcher Kevin Beaumont identified millions of vulnerable systems on Shodan.io.
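To confirm on a given machine whether it falls on the list above, still accepts Remote Desktop connections, and has the update installed, a local check along these lines can help. This is an added example, not code from Microsoft or the original article; the function name `Get-RdpPatchTriage` is hypothetical, and `KB0000000` is a placeholder because this page gives no KB number.

```powershell
# Added example: local exposure check for the legacy Windows versions listed above.
# Uses Get-WmiObject so it also runs on PowerShell 2.0 (the Windows 7 / 2008 R2 default).
function Get-RdpPatchTriage {
    param(
        # Placeholder value: take the real KB ID from the Microsoft download page for your OS.
        [string[]]$ExpectedKb = @('KB0000000')
    )

    $os = Get-WmiObject -Class Win32_OperatingSystem
    $parts = $os.Version.Split('.')
    $majorMinor = '{0}.{1}' -f $parts[0], $parts[1]
    $isServer = ($os.ProductType -ne 1)   # 1 = workstation, 2/3 = server roles

    # NT versions behind the page's list: 5.1 = XP, 5.2 = XP x64 / Server 2003,
    # 6.0 = Server 2008, 6.1 = Windows 7 / Server 2008 R2. 6.2 and later is Windows 8+.
    $listed = switch ($majorMinor) {
        '5.1'   { $true }
        '5.2'   { $true }
        '6.0'   { $isServer }   # client 6.0 is not on the page's list; verify it separately
        '6.1'   { $true }
        default { $false }
    }

    # fDenyTSConnections = 0 means Remote Desktop connections are accepted.
    $tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
    $rdpEnabled = ($deny -eq 0)

    # Win32_QuickFixEngineering lists installed updates by HotFixID.
    $installed = @(Get-WmiObject -Class Win32_QuickFixEngineering | ForEach-Object { $_.HotFixID })
    $patchFound = @($ExpectedKb | Where-Object { $installed -contains $_ }).Count -gt 0

    # Listed OS without the expected update: patch, and patch first where RDP is enabled.
    $priority = 'None'
    if ($listed -and -not $patchFound) {
        if ($rdpEnabled) { $priority = 'Patch now (RDP enabled)' } else { $priority = 'Patch' }
    }

    New-Object PSObject -Property @{
        Computer   = $env:COMPUTERNAME
        OS         = $os.Caption
        Version    = $os.Version
        OnPageList = $listed
        RdpEnabled = $rdpEnabled
        PatchFound = $patchFound
        Priority   = $priority
    }
}

Get-RdpPatchTriage
```

Treat `PatchFound = False` as "not confirmed" rather than proof the fix is missing, since a later rollup can deliver the same fix under a different KB ID.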
Learning from history
RDP has historically been an avenue for attackers attempting to break into systems and/or drop malware, but we’ve noticed an uptick in RDP attacks against businesses over the last year. With that in mind, even after patching, you should consider checking out our guide on how to protect RDP from ransomware attacks.
The incident with WannaCry in 2017 has forever changed the perception of how to launch an effective attack against a large portion of the world. We’ve observed exploits used by this threat in modern commercial malware, such as Emotet and TrickBot.
It would not be out of the realm of possibility that within the next few weeks, this vulnerability will be weaponized and used against consumers and businesses who fail to patch and protect their networks. Don’t be a statistic. Protect your machines, data, networks, and users right now.