The vulnerability allows remote code execution with no user interaction and no authentication required, making it a gift to scum looking to spread malware.
The vulnerability was privately reported to Microsoft by the UK's National Cyber Security Center. It is considered high-severity and of low complexity to exploit.
"Now that I have your attention, it is important that affected systems are patched as quickly as possible to prevent such a scenario from happening."
For out-of-support systems, including Windows Server 2003 and Windows XP, Microsoft recommends upgrading to the latest version of Windows as the best way to address this vulnerability. It is a flaw in Intel processor hardware, meaning that it affects any operating system running on x86 chips, including Windows.
"An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights", Microsoft said in the vulnerability advisory.
A newly discovered vulnerability in the commonly used Remote Desktop Services (RDS) that can be abused to create worms or self-spreading malware has prompted Microsoft to create security patches for the obsolete Windows XP and Server 2003 operating systems.
For more on this, read our companion article dealing with the potential consequences, affected systems and mitigations for this remote, "wormable" Windows vulnerability.
The vulnerability can be partially mitigated by enabling Network Level Authentication (NLA) for Remote Desktop Services Connections on vulnerable systems, an authentication method which "completes user authentication before you establish a remote desktop connection and the logon screen appears".
A patch is now available for a privilege escalation vulnerability exploited in the wild that affects the way Windows Error Reporting handles files. Among the fixes is that for CVE-2019-0708, a "wormable" RDP flaw that is expected to be weaponised by attackers very soon.
Security researchers have shown it is possible to exploit MDS vulnerabilities with attacks such as rogue in-flight data load (RIDL) and Fallout to glean secrets and sensitive information such as passwords and digital keys on recent Intel processors.