Exciting Changes Coming To 1Path.com

  • 00Days
  • 00Hours
  • 00Minutes
  • 00Seconds
Sales: (877) 516-0218
General: (678) 695-5500

Massive Cybersecurity Threat Affects Windows 8 and Earlier

Global cyberattack image


Microsoft releases a statement about Remote Desktop Protocol RCE vulnerability discovered in the Remote Desktop Services component of Windows.

The vulnerability allows an unauthenticated attacker to connect to the target system using RDP and send special requests. A successful attack would allow the attacker to execute arbitrary code on the target system, enabling them to perform various actions such as installing programs, changing data, or creating new accounts with full user permissions.

If you run any versions of Windows prior to Windows 8, you may be affected by this vulnerability.  Microsoft has released patches for Windows versions all the way back to Windows 2003/XP and they strongly advise applying the patches as soon as possible.

According to the Wall Street Journal, Microsoft took the unusual step of warning the public that the vulnerability could be used as a cyber weapon. Attackers could have the upper hand as people often are too slow to roll out security enhancements in their software.

Per Microsoft, “the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.”

According to Alert Logic, the RCE vulnerability is pre-authentication and requires no user interaction. To exploit, an attacker would need to be able to establish a connection to a vulnerable system with RDP exposed to the public internet.

Free Cybersecurity Quiz



Share on facebook
Share on twitter
Share on linkedin


Join 30K Business & IT Professionals by signing up for our email list to receive updates on IT and Cybersecurity directly in your inbox.

RFP for IT Template
Perfect AV eBook