Microsoft has disclosed a vulnerability that puts users running Windows 7 and Windows XP at risk. Here's how to fix it.
If your PC still runs a Microsoft operating system that predates Windows 8, it is at risk: the Redmond giant has discovered a new vulnerability in its older Windows systems that could lead to attacks similar to 2017's devastating "WannaCry," a ransomware virus that encrypts your PC's files and demands a ransom of several hundred dollars to decrypt them.
For security reasons, Microsoft has not provided any specific information about this vulnerability because, according to the company, it has not yet been discovered and exploited by hackers. A specific patch is already available for each vulnerable Microsoft operating system: they have all been published at this address. The company describes the problem as "critical", but because the vulnerability is exposed to "worm" type viruses, no specific user behavior can aggravate or resolve it, except of course installing the official patch released by Microsoft.
The flaw is in Remote Desktop Services
Of this serious vulnerability, Microsoft says: "A vulnerability exists related to code execution in Remote Desktop Services (RDS) - formerly known as Terminal Services - when an unauthenticated malicious user connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authenticated and does not require user interaction. A malicious user who can exploit this vulnerability can execute arbitrary code on the target system. A malicious user could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, a malicious user would need to send a specially crafted request to the target systems' Remote Desktop Service via RDP. The update resolves the vulnerability by correcting how Remote Desktop Services handles connection requests."
Microsoft Windows: which versions are vulnerable
Below is the list of Microsoft operating systems vulnerable to a "WannaCry-like" attack. If your PC has one of these versions of Windows installed, then it is urgent to install the patch:
- Windows 7 for 32-bit Systems Service Pack 1
- Windows 7 for x64-based Systems Service Pack 1
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
- Windows Server 2008 for Itanium-Based Systems Service Pack 2
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
- Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems Service Pack 1