Microsoft Patches 'Wormable' Flaw in Windows XP, 7 and Windows 2003 (krebsonsecurity.com)
Microsoft today is taking the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003, citing the discovery of a "wormable" flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017. From a report: The vulnerability (CVE-2019-0708) resides in the "remote desktop services" component built into supported versions of Windows, including Windows 7, Windows Server 2008 R2, and Windows Server 2008. It also is present in computers powered by Windows XP and Windows 2003, operating systems for which Microsoft long ago stopped shipping security updates. Microsoft said the company has not yet observed any evidence of attacks against the dangerous security flaw, but that it is trying to head off a serious and imminent threat.
Re: (Score:2)
Is 2000 vulnerable still?
No, nothing runs on 2000 now.
Re: Windows remote desktop (Score:4, Funny)
Re: (Score:3)
I used that on a 3Com server back in the day.
Management pulled me in and asked for a recommendation: Keep rolling with 3Com or go with the newfangled Novell product.
I called for Novell and they went with 3Com. Well, the mouse was a novelty.
Next management cycle, we took the sane route.
Windows XP still not going away (Score:5, Interesting)
Re: (Score:3)
I'm running XP boxes with a regedit hack [pcworld.com] that makes them think they are embedded POS.
I still get security updates. For now.
Re: (Score:2)
It's worse than that, it's dead Jim!:
Windows XP Dies Final Death As Embedded POSReady 2009 Reaches End of Life [slashdot.org]
Re: (Score:3)
And yet, I'm still getting security updates.
And what do you have to say about this?
Microsoft Patches 'Wormable' Flaw in Windows XP, 7 and Windows 2003
Re: (Score:1)
You do know only HALF of your OS gets updates with POS.
Come on, Windows XP sucked when it came out. I remember I WAS HERE ON /. when it was a news story in 2001. You know what? I would have been shocked and horrified including yourself from 2001 if you knew you would be running that oh 18 years from now?! Let it go.
Re: (Score:2)
Plus, you got a free copy of FarCry64. A pretty sweet deal.
Re: Windows XP still not going away (Score:2)
I have not logged into a server 2003 box in many years. My parents had XP64 and being a good son got them off that dinosaur in 2014 when it hit EOL with Windows 7 when I updated a client of mine too.
XP was I guess ok for the turn of the century compared to WinME and Windows2000. But it was a security nightmare and was so far behind in so many ways to be listed. No low rights %appdata means no sandboxing for browsers. Malware that can be a device driver due to insecure driver APIs, shitty mobile battery life
Re: (Score:2)
And yet, I'm still getting security updates.
That one security flaw was fixed, means the next will be fixed and that they'll all be fixed. It's end of life, past extended support, past embedded support, the only reason anybody touches it is because they found a grave bug in supported products and some manager went on a mercy mission to stop people with obsolete products from turning into a botnet and PR problem.
They wouldn't do it unless it was basically the same patch applied to a different branch, the moment it takes a different fix they're not going
Re: (Score:2)
Do you even know about this [netmarketshare.com]?
Windows XP market share is 3.57% (more than Linux).
Wait, China? (Score:2)
KB-waffle-waffle (Score:1)
Hidden in amongst the 100+ disabled "update gems" with a non-specific description along the KB number, might lurk this update. Doubtless it would want to drag in 10 of its mates which would enable other non-descript waffle-waffle KB numbers, bringing full telemetry to system. NO.
Huh? What about WSUS offline (Score:1)
The XP repositories are gone from WSUS offline. Apparently they're still active at Microsoft though and the WSUS offline guys are being lazy by not maintaining it? I mean it's basically just a glorified shell script that hits the Microsoft servers, why not keep the XP and older stuff around? I don't get it.
Truth is that Win7 or newer is more insecure than XP (Score:1)
How do you close TCP port 135 on Win7 and newer systems? You CAN NOT! In XP I can easily close it down.
What happened to the $MFT bug on Win Vista up to Win10 machines? That is basically the same NTFS but XP doesn't have that bug, you mean NTFS of Vista and up is a different type of NTFS? WTF?!