Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003

Microsoft today is taking the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003, citing the discovery of a “wormable” flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017. It also is present in computers powered by Windows XP and Windows 2003, operating systems for which Microsoft long ago stopped shipping security updates. One of those critical updates fixes a zero-day vulnerability — (CVE-2019-0863) in the Windows Error Reporting Service — that’s already been seen in targeted attacks, according to Chris Goettl, director of product management for security vendor Ivanti.

Source: krebsonsecurity.com