RDP Services Remote Code Execution Vulnerability (CVSS Score 9.8) so severe Microsoft Patching XP and Server 2003

[Slayerking92]

In case anyone here is still running XP.  It must be serious if M$ is making an XP patch.

Quote

Microsoft today is taking the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003, citing the discovery of a “wormable” flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017.

https://krebsonsecurity.com/2019/05/microsoft-patches-wormable-flaw-in-windows-xp-7-and-windows-2003/

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

 

XP Patches are here: https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708

[Silentprototipe]

Microsoft cant kill XP/2003 lel

[justpoet]

1 hour ago, Silentprototipe said:

Microsoft cant kill XP/2003 lel

Well, when your most up to date option is a hot pile of cloud advertisement bloated trash...

[dfsdfgfkjsefoiqzemnd]

Kinda makes sense, seeing as they only really dropped support for XP POSready this April.  About 4% of Windows machines are still on XP.

 

 

hmm ... also it looks like Win7 overtook Win10 again.  

[Zodiark1593]

Still have some XP machines here at work, though they're primarily for the very expensive machinery they're attached to.

[williamcll]

It shocks me how people still use windows 8

[ZacoAttaco]

7 hours ago, Silentprototipe said:

Microsoft cant kill XP/2003 lel 

I think there was a story that the US Navy made a special deal with Microsoft to continue using Windows XP and get longer support for it. There's still a need for Microsoft to support them some what.

37 minutes ago, williamcll said:

It shocks me how people still use windows 8

Until recently I think Luke was using Windows 8, Windows 7 wasn't being supported for some newer titles and he still had bad experiences from Windows 10. I think he's running Linux Mint now, pretty good Linux distro for those comfortable with Windows-like environments.

 

Also, this seems like something that would be used in a CTF event using a tool like Metasploit or Armitage is Kali Linux. As you might expect, there's a ton of vulnerabilities for unpatched and outdated versions of Windows especially server editions.

[Trixanity]

8 hours ago, Captain Chaos said:

Kinda makes sense, seeing as they only really dropped support for XP POSready this April.  About 4% of Windows machines are still on XP.

 

 

hmm ... also it looks like Win7 overtook Win10 again.  

I think Windows XP has always been piece of shit ready regardless of date or version.

[leadeater]

9 minutes ago, VegetableStu said:

"we have the enemy ship in our reach. they are not aware of us"

"load the USB torpedos"

"Raise 5.25" floppy shields!"

[Chunchunmaru_]

I suppose systems who are currently running Windows XP for a specific reason are not connected to the internet anyway

[Trixanity]

18 minutes ago, Chunchunmaru_ said:

I suppose systems who are currently running Windows XP for a specific reason are not connected to the internet anyway

That sounds decidedly optimistic.

[bcredeur97]

12 hours ago, Silentprototipe said:

Microsoft cant kill XP/2003 lel

I almost feel like XP is like the first OS where A LOT of people went from "no computer" to "computer" 

Which I guess sort of explains why people don't want to let go of it. It's all they've ever known

 

+ I guess that came before the time where people had the general realization "hey this is new now but in 7-10 years it wont be supported anymore so lets make sure we don't build ourselves into a hole"

[Doobeedoo]

Not letting old OSs die huh. Still digging them up and not leaving them to the worms. 

Using such outdated OS today is like putting a used condom you've found on a bench somewhere. 

[justpoet]

2 hours ago, bcredeur97 said:

I almost feel like XP is like the first OS where A LOT of people went from "no computer" to "computer" 

Which I guess sort of explains why people don't want to let go of it. It's all they've ever known

 

+ I guess that came before the time where people had the general realization "hey this is new now but in 7-10 years it wont be supported anymore so lets make sure we don't build ourselves into a hole"

To be fair.  For non-enthusiast folks, computers really can run for a LONG time.

 

I just got an original Mac mini Core Solo (from 2006) up and running on ubuntu linux not that long ago, and if all you did was e-mail and some occasional web usage and looking at some photos on it, it'd still be fine (Firefox works fine, just slow, and streaming video isn't ok).  So, for the majority of "normal home" usage cases, like that and writing some documents, it is fine even if not snappy.  Most people would then just use their phone/tablet for the majority of web and streaming usage these days anyway, preferring a new one of those to a new computer, letting older computers live even longer.

 

So, while for us tech people, that would be out of the question…my mom is still VERY happy with her 2012 Mac mini and it shows no signs of being slowed down, even when running lots of things at once, including streaming content to the AppleTV in the living room from the office, except when she's editing large RAW photos from her DSLR.

[vanished]

I know why they do this - with things that are particularly serious they feel a responsibility to protect people - but frankly I'm not a fan of them going back and patching super obsolete systems like this.  I think there's several downsides to it.  For one, it gives people a false impression that it's ok to still be using these systems - "oh, it still gets the important patches, it must be safe", when in fact, of course it is not.  It also undermines the whole concept of supported vs not supported, and gives people an excuse to hang on even longer.  I know there's people who for some reason or another are obsessed with defending and clinging to obsolete things and come up with all sorts of absolutely asinine reasons for it based on the most ridiculous mental gymnastics, and for them, they'll see this patch as a win, and take offence at the very idea that maybe XP has had its day and should be put to rest.  I have to imagine this is because they're either still developing for these platforms or were part of the decision to use them in wherever they work and have to defend their decision to avoid feeling like an absolute fool.  I think it's important that companies, and everyone in general, realizes that these are by far not the majority and not the people we should be taking direction from.  If they had their way, we'd still be making finger paintings with blood on the side of our cave walls because it's still superior to pen and paper in durability.  It's time to leave these systems behind, and if necessary, the people who use them.  The world evolves as time passes.  Accept it and move with it.  Maybe even consider being one who drives it forward instead of trying to weigh it down like a technological boat anchor.

[mr moose]

9 hours ago, justpoet said:

To be fair.  For non-enthusiast folks, computers really can run for a LONG time.

 

I just got an original Mac mini Core Solo (from 2006) up and running on ubuntu linux not that long ago, and if all you did was e-mail and some occasional web usage and looking at some photos on it, it'd still be fine (Firefox works fine, just slow, and streaming video isn't ok).  So, for the majority of "normal home" usage cases, like that and writing some documents, it is fine even if not snappy.  Most people would then just use their phone/tablet for the majority of web and streaming usage these days anyway, preferring a new one of those to a new computer, letting older computers live even longer.

 

So, while for us tech people, that would be out of the question…my mom is still VERY happy with her 2012 Mac mini and it shows no signs of being slowed down, even when running lots of things at once, including streaming content to the AppleTV in the living room from the office, except when she's editing large RAW photos from her DSLR.

So are you saying that because XP can still do the tasks that average people use that companies should be forced to keep maintaining them until they can't adequately receive an email?  XP is 18 years old. and trying to keep it running safely will come at the cost of resources going into OS that support new hardware for everyone else.

 

Besides all that, if the only thing the average users does is email and word then a $300 laptop every 5 to 6 years is a better proposition than being stuck in the dark ages of technology.

[justpoet]

1 hour ago, mr moose said:

So are you saying that because XP can still do the tasks that average people use that companies should be forced to keep maintaining them until they can't adequately receive an email?  XP is 18 years old. and trying to keep it running safely will come at the cost of resources going into OS that support new hardware for everyone else.

 

Besides all that, if the only thing the average users does is email and word then a $300 laptop every 5 to 6 years is a better proposition than being stuck in the dark ages of technology.

No, I'm saying that most people who have it just say "it works" and don't upgrade anything, because the mindset is "why spend ANY money on it when it is already fine?"  They don't see it the same way we do.  To them it is just like the washer and dryer.  It is an appliance that works until it doesn't.

[Commodus]

16 hours ago, Ryan_Vickers said:

I know why they do this - with things that are particularly serious they feel a responsibility to protect people - but frankly I'm not a fan of them going back and patching super obsolete systems like this.  I think there's several downsides to it.  For one, it gives people a false impression that it's ok to still be using these systems - "oh, it still gets the important patches, it must be safe", when in fact, of course it is not.  It also undermines the whole concept of supported vs not supported, and gives people an excuse to hang on even longer.  I know there's people who for some reason or another are obsessed with defending and clinging to obsolete things and come up with all sorts of absolutely asinine reasons for it based on the most ridiculous mental gymnastics, and for them, they'll see this patch as a win, and take offence at the very idea that maybe XP has had its day and should be put to rest.  I have to imagine this is because they're either still developing for these platforms or were part of the decision to use them in wherever they work and have to defend their decision to avoid feeling like an absolute fool.  I think it's important that companies, and everyone in general, realizes that these are by far not the majority and not the people we should be taking direction from.  If they had their way, we'd still be making finger paintings with blood on the side of our cave walls because it's still superior to pen and paper in durability.  It's time to leave these systems behind, and if necessary, the people who use them.  The world evolves as time passes.  Accept it and move with it.  Maybe even consider being one who drives it forward instead of trying to weigh it down like a technological boat anchor.

It feels as if Microsoft is facing punishment for its "legacy support above all else" mindset from years past, where it insisted on maintaining compatibility at the expense of progress.  In that sense, Apple has had the right idea for a long time -- you sometimes need to give users a push if you're going to move technology forward.

[mr moose]

6 hours ago, Commodus said:

It feels as if Microsoft is facing punishment for its "legacy support above all else" mindset from years past, where it insisted on maintaining compatibility at the expense of progress.  In that sense, Apple has had the right idea for a long time -- you sometimes need to give users a push if you're going to move technology forward.

MS didn't insist on any of that, consumers demanded it.  When their OS is running everything from nuclear submarines to high precision and extremely lean manufacturing plants, they couldn't afford to not support legacy.  

 

EDIT: in fact they tried to get away from it much earlier but that older tech is so entrenched in some services that companies elected to spend millions on further support rather than billions on upgrading everything.

[Guest]

On 5/15/2019 at 9:48 PM, VegetableStu said:

"we have the enemy ship in our reach. they are not aware of us"

"load the USB torpedos"

They use the interactive VR tool “Minesweeper.exe” to train Navy Officers.

[power666]

On 5/15/2019 at 4:48 AM, VegetableStu said:

"we have the enemy ship in our reach. they are not aware of us"

"load the USB torpedos"

 

Tow that Windows boat back to port.

[AlexGoesHigh]

On 5/15/2019 at 7:24 AM, williamcll said:

It shocks me how people still use windows 8

Its people that bought a system during that era and just never bothered to upgrade for reasons such as not having time or being production equipment where if it ain't broke, don't fix it.

 

My networking teacher was running a laptop with 8.1 until 2 weeks ago. he only upgraded because he bought a new laptop.

[Ithanul]

On 5/15/2019 at 1:01 AM, ZacoAttaco said:

I think there was a story that the US Navy made a special deal with Microsoft to continue using Windows XP and get longer support for it. There's still a need for Microsoft to support them some what.

Not surprising, I still see some rare XPs used by the Army and AirForce as well.

Along with some W7s too.

On 5/15/2019 at 4:58 AM, leadeater said:

"Raise 5.25" floppy shields!"

....

....

Put tapes with that as well. 

On 5/15/2019 at 8:14 PM, justpoet said:

No, I'm saying that most people who have it just say "it works" and don't upgrade anything, because the mindset is "why spend ANY money on it when it is already fine?"  They don't see it the same way we do.  To them it is just like the washer and dryer.  It is an appliance that works until it doesn't.

Sums up how a good chunk of my relatives view computers.  Though, good chunk of them no longer use desktops anymore.

[williamcll]

Do you know that most immigration halls in China still use XP for scanning ID/Passports?