Microsoft is urging users of Windows 7 and XP to update their systems. A vulnerability that could lead to a new WannaCry-like situation has been patched, but an estimated one million systems are still susceptible to such a worm.
The vulnerability is CVE-2019-0708, for which Microsoft released a patch last month. Microsoft says in the report that it is convinced that an exploit for the vulnerability exists, but that none has yet been observed. Nonetheless, Microsoft is now repeating its advice to update, because EternalBlue, the vulnerability that WannaCry used, also struck even though a patch had been made available 60 days earlier. The estimate that there are still a million vulnerable devices comes from Errata Security.
The vulnerability specifically affects Windows XP and Windows 7, and Windows Server 2003, 2008, and 2008 R2. The more modern Windows 8 and Windows 10 are not affected. Windows XP has not received security updates since 2014, but due to the severity of the vulnerability, Microsoft is now making an exception. Windows XP is still used in many companies and governments, because upgrading to a newer version of Windows is expensive or too complicated. XP users must download the update manually. On Windows 7 the update is installed automatically.
The vulnerability is in Remote Desktop Services. Users who have the service turned on and exposed to the internet are vulnerable. From an infected computer, the worm can then infect other vulnerable computers on the local network, including those whose Remote Desktop is not exposed to the internet.