Hey, Windows 7 and XP Users -- You Need to Patch Now
Microsoft is patching Windows XP as well as Windows 7 to fix a wormable flaw in Remote Desktop Protocol.
This month's round of Microsoft Patch Tuesday security updates was just released, and there's a pretty serious flaw that affects all Microsoft operating systems earlier than Windows 8.
Windows 7 and its server-based siblings naturally get patches for this, since those operating systems are officially supported until January 2020. But this flaw is so serious that Microsoft has also issued a patch for Windows XP and its server brethren, which officially died five years ago. (Nothing for Windows Vista, though, boo hoo.)
"We are taking the unusual step of providing a security update for all customers to protect Windows platforms, including some out-of-support versions of Windows," the Microsoft Security Response Team wrote in a blog posting today.
Windows 7 users should run Windows Update to get the patch, or go here for manual downloads if that doesn't work. We're not sure if Windows Update will still run on Windows XP, but if not, Microsoft has patches for XP SP3, and for 64-bit XP SP2, that you can manually download here.
The vulnerability causing all the fuss is a flaw in Remote Desktop Services, which, as the name implies, lets you remotely control a far-off PC from a second PC. The flaw lets, well, anyone do that without authorization, and without tipping off another user of the same computer. Even worse, malware exploiting the flaw could spread from one infected computer to another on its own.
"This vulnerability is pre-authentication and requires no user interaction," the MSRC blog post says. "In other words, the vulnerability is 'wormable,' meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.
"While we have observed no exploitation of this vulnerability," the post adds, "it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware. Now that I have your attention, it is important that affected systems are patched as quickly as possible to prevent such a scenario from happening."
If you're still running Windows XP on one of your primary-use machines, please update it to something more current. (Old hardware can run very nice versions of Linux, which cost nothing.) And if you're one of those stick-in-the-muds still running Windows 7, you have eight months to update those machines to Windows 10. (Here's how to update to Windows 10 for free.)
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.