The Malware So Dangerous Microsoft Just Patched Windows XP
- Anthony
- May 17, 2019
- 10:29 AM
- No Comments
Plus more security flaws in other stuff – of course…
Microsoft has released security patches for Windows Server 2003 and Windows XP. Yes, the Windows XP that came out in the same year as the first Lord of the Rings film (The Fellowship of the Ring, 2001).
This highly unusual move was prompted by a security vulnerability so bad that Microsoft felt it had to patch XP, despite the operating system being positively geriatric in technology terms.
The flaw, which exists in Remote Desktop Services (RDP), is particularly dangerous, because it requires no interaction from the victim to work. In the simplest of terms, it means criminals can take full control – with admin rights – of internet-connected computers and servers that use RDP.
^ Even if you don't do anything, affected versions of RDP are a danger
What’s more, even if you only use RDP on your internal network, you can still be affected. All it takes is for one person to open an infected email attachment or link, and the malware will quickly spread.
But there is some good news: Microsoft’s newer operating systems aren’t affected, so if you’re running Windows Server 2016, Windows Server 2012, Windows 8 or Windows 10, you’re okay. Apart from Windows Server 2003 and Windows XP, you’ll also need to apply patches for:
- Windows 7
- Window Server 2008 R2
- Windows Server 2008.
Of course, if you are running any of these older operating systems, the best long-term solution is to upgrade to something newer like Windows 10 or Windows Server 2019. You may also want to consider a managed patching service, which ensures the operating systems for your servers and PCs are always fully up to date.
And now on to those other security flaws…
More Bad News
First up, we have some new processor vulnerabilities, similar to the Meltdown and Spectre bugs that made headlines last year.
Zombieload, Fallout, RIDL and Store-to-Leak Forwarding, like Meltdown and Spectre, exploit a technology called speculative execution, which is used by computer processors predict what data will be needed in advance, to improve performance. These exploits use this so they are able to access data that they should not be able to, including passwords and other secret information.
^ No processor flaw worth its salt would be seen without its own logo
Again, there is some good news: if you’re using eighth- or ninth-generation Intel Core processors, you aren’t affected. The same goes for second-generation Intel Xeon Scalable processors.
For everyone else, the solution is, of course, to update and patch all your computers and servers. Install all your Windows updates and apply the new microcodes for your processors. Note: processor updates will also be distributed by Windows Update in due course.
As well as Zombieload and its friends, you may also need to deal with a security flaw that affects a large number of networking devices made by Cisco. This vulnerability could put your emails at risk if it not patched. You can see the full list of affected products on the Cisco website.
Cisco is said to be working on “software fixes” for all affected devices, which means firmware updates. In large or complex networks, this may require an engineer to carry out a site visit to test potentially affected devices and to implement patches in a way that doesn’t have a negative impact on the performance or integrity of the network.
What To Do
If you're a TMB managed services customer, we will take care of applying all software patches, so you don’t need to do anything in most of these cases. If you are running an unsupported operating system like XP, then you will need to apply the patch yourself or contact us about upgrading to Windows 10 or Server 2012.
As we said, though, the Cisco bug will most likely require an on-site visit, so if you are affected and you aren’t going to apply the firmware patches yourself, please contact TMB so we can get this fixed for you.