Last month, Microsoft disclosed a wormable remote code execution vulnerability in Windows and urged users to install the security patches that fix it. The company has now admitted that “nearly one million computers connected directly to the internet are still vulnerable” to the issue.
Even though Microsoft has shipped patches for Windows 7, Windows Server 2008 and Windows Server 2008 R2, it has confirmed that the “scenario could be even worse” than expected: any future malware that exploits this flaw may also attempt to exploit other vulnerabilities that have already been fixed, so unpatched machines are exposed on more than one front.
Simon Pope, Incident Response Director at the Microsoft Security Response Center, said: “It’s been only two weeks since the fix was released and there has been no sign of a worm yet. This does not mean that we’re out of the woods. We strongly advise that all affected systems should be updated as soon as possible.”
Pope also noted that the figures “serve to inform the risks of not applying fixes for this vulnerability in a timely manner”, as happened when the ransomware attacks built on the WannaCry bug began.
Microsoft revealed that it had released patches against the EternalBlue exploit two months before that outbreak, and that it was the users who had not patched their systems who were infected by the ransomware.
Microsoft said a remote code execution vulnerability exists in Remote Desktop Services when “an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests”. An attacker who successfully exploits the vulnerability could execute arbitrary code on the target system. Because no valid credentials are needed, the flaw is reachable by anything that can open an RDP connection to the host, which is what makes it wormable.
The vulnerability could thus allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights, giving them access to everything on the machine.
Fortunately, Windows 10 and Windows 8 are not affected by this vulnerability, but Windows 7 is still running on many machines around the globe, and that is Microsoft’s biggest problem. The company is trying to avoid a repeat of WannaCry, which in 2017 wreaked havoc across 150 countries and infected more than 200,000 computers.
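The practical question for an administrator reading this is whether a given box is in the affected family, whether it is actually accepting RDP connections, and whether the fix is installed. The PowerShell triage script below is an added example and is not code from the article or from Microsoft. It assumes a placeholder `$PatchKB` that you replace with the KB number Microsoft’s advisory lists for your OS build, and it uses `Get-WmiObject` and `netstat` rather than newer cmdlets so that it also runs on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example, not code from the article or from Microsoft.
# Local exposure triage for the RDP flaw described above:
#   1. Is this host in the affected OS family (NT 6.0 / 6.1)?
#   2. Is Remote Desktop enabled, and is something listening on its port?
#   3. Is the fix installed?
# Assumption: $PatchKB is a placeholder; supply the KB from Microsoft's
# advisory for this OS. Run from an elevated prompt on the host being checked.
param(
    [string]$PatchKB = "KB0000000"   # assumption: placeholder, not a real KB
)

$os = Get-WmiObject -Class Win32_OperatingSystem

# NT 6.0 = Windows Server 2008 (Vista shares this version), NT 6.1 = Windows 7
# and Server 2008 R2. NT 6.2+ (Windows 8 / Server 2012 and later) and 10.0
# (Windows 10) are not affected, per the article.
$inAffectedFamily = ($os.Version -like '6.0.*') -or ($os.Version -like '6.1.*')

# fDenyTSConnections = 0 means Remote Desktop connections are allowed.
$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpEnabled = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections -eq 0

# The listener port can be changed from the default 3389, so read the configured one
# instead of assuming it.
$rdpPort = (Get-ItemProperty -Path "$tsKey\WinStations\RDP-Tcp" -Name PortNumber).PortNumber

# Confirm something is really listening on that port. netstat -ano prints lines like
#   TCP    0.0.0.0:3389    0.0.0.0:0    LISTENING    1234
$pattern = (":{0}\s+\S+\s+LISTENING" -f $rdpPort)
$listening = [bool](netstat -ano | Select-String -Pattern $pattern)

# Get-HotFix reads the installed-update inventory (Win32_QuickFixEngineering).
$patched = $null -ne (Get-HotFix -Id $PatchKB -ErrorAction SilentlyContinue)

# A host needs attention when it is in the affected family, accepts RDP, has a
# live listener, and does not report the fix.
$needsAttention = $inAffectedFamily -and $rdpEnabled -and $listening -and (-not $patched)

$result = New-Object PSObject -Property @{
    ComputerName     = $env:COMPUTERNAME
    OSVersion        = $os.Version
    InAffectedFamily = $inAffectedFamily
    RdpEnabled       = $rdpEnabled
    RdpPort          = $rdpPort
    RdpListening     = $listening
    PatchInstalled   = $patched
    NeedsAttention   = $needsAttention
}
$result | Format-List

# Non-zero exit code so the script can drive a fleet-wide sweep from a job scheduler.
if ($needsAttention) { exit 1 } else { exit 0 }
```

Two caveats when reading the output. `PatchInstalled` is only as good as the KB you pass in: a later cumulative or monthly rollup can supersede the original fix without that KB ever appearing in `Get-HotFix`, so treat a `False` here as “verify”, not “unpatched”. And the script can only tell you that RDP is listening, not that it is reachable from the internet; the million-host figure in the article is about externally exposed machines, so cross-check `RdpListening` against your perimeter firewall rules or an external scan of your address space before deciding which hosts to patch first.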