Microsoft urges Windows customers to patch wormable RDP flaw
Microsoft has fixed a critical vulnerability in some versions of Windows that can be exploited to create a powerful worm. The company even took the unusual step of releasing patches for Windows XP and Windows Server 2003, which haven’t been supported in years, because it believes the threat to be very high.
The vulnerability, tracked as CVE-2019-0708, is located in Remote Desktop Services, formerly known as Terminal Services. This component handles connections over the Remote Desktop Protocol (RDP), a widely used protocol for remotely managing Windows systems on corporate networks.