The vulnerability causing all the fuss is a flaw in Remote Desktop Services, which as the name implies lets you remotely control a far-off PC from a second PC.
Patch Tuesday It's that time of the month again, and Microsoft has released a bumper bundle of security fixes for Patch Tuesday, including one for out-of-support operating systems Windows XP and Server 2003.
Microsoft says that the critical RDS vulnerability tracked as CVE-2019-0708 impacts only older in-support versions of Windows (i.e. Windows 7, Windows Server 2008 R2, and Windows Server 2008), with security updates for the affected versions being available via the Microsoft Security Update Guide.
"This vulnerability is pre-authentication and requires no user interaction", the MSRC blog post says. The vulnerability, he said, "should be the highest priority patching because, in addition to the wormable capabilities in this exploit, many modern ransomware variants, such as Dharma, Robbinhood, and CrySIS, often use vulnerable RDP servers to gain access to victim networks".
Customers who use an in-support version of Windows such as Windows 7 and Windows Server 2008 will receive the update if they have automatic updates enabled, while Windows XP users can download fixes from Microsoft's Update Catalogue or upgrade their version of Windows. Windows 8 and 10 are unaffected, but there's still a vast pool of older systems out there that could be hit if left unpatched.
Despite this, potential attackers could still abuse the RCE vulnerability if they already have the credentials needed to authenticate on a system where RDS is enabled. But this flaw is so serious that Microsoft has also issued a patch for Windows XP and its server brethren, which officially died five years ago.
A patch is now available for a privilege escalation vulnerability exploited in the wild that affects the way Windows Error Reporting handles files. In particular there's fixes out for the information-leaking family of Microarchitectural Data Sampling (MDS) security flaws in Intel processors revealed this week.
Microsoft's May 2019 Patch Tuesday fixed 79 vulnerabilities, 19 of which are classed as Critical.
Asian stocks drop, yuan slides as trade war escalates
The idea that China would dump its $1.1 trillion of Treasuries to retaliate against USA tariffs is often dismissed as improbable. China industrial production and retail sales are slated for Wednesday, same day as USA retail sales and industrial production.