Microsoft has issued its second warning against recently discovered vulnerability on Thursday, advising users to update their systems to prevent a re-run of attacks similar to WannaCry. The company said that due to this bug, Windows can allow attackers to remotely run code on a vulnerable computer.
The software giant released a patch earlier this month for its older version of Windows i.e. Windows 7 Windows XP and Server 2003.
Security expert Robert Graham said that almost 1 million systems could be affected by a vulnerability in the Windows. He claimed that it could be used to create worms that automatically spread from one vulnerable computer to another.
On May 14, Microsoft posted the issue on its blog and said that Windows Remote Desktop Protocol (RDP) flaw is a critical Remote Code Execution vulnerability that requires no user action to be used by the attackers. The newly discovered vulnerability harms older versions of Windows on a scale similar to the WannaCry ransomware in 2017. The bugs, CVE-2019-0708 — better known as BlueKeep, exist pre-authentication into the RDP protocol, which means that it's wormable and an attacker could use it to propagate their malware from computer to computer.
Microsoft also claimed that only Windows 8 and Windows 10 are not vulnerable to the bug. But the bug is so dangerous that the company took the unusual step of issuing a security patch for long since discontinued operating systems.
Another independent malware researcher Marcus Hutchins posted a tweet and claimed that it took him "an hour to figure out how to exploit the vulnerability" and four days to develop working exploit code, but he declined to immediately publish the code as he calls it "dangerous."
So, if you are using an old version of Windows, Please check for an update to avoid any attack on your computer.