Microsoft announced that it has issued a patch for a major security flaw in Windows XP and Windows 7.
The company urged users to download the latest Windows update for the affected systems, which fixes a critical remote code execution vulnerability in the Remote Desktop Services process.
Affected versions of the operating system include:
- Windows XP
- Windows 7
- Windows Server 2003
- Windows Server 2008 R2
- Windows Server 2008
Microsoft said the vulnerability is “wormable”, meaning attackers could use it to spread malware from device to device, much as WannaCry spread in 2017.
“While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware,” Microsoft said.
Customers running an in-support version of Windows, such as Windows 7 or Windows Server 2008, will receive the update if they have automatic updates enabled. Windows XP users can download the fixes from Microsoft’s Update Catalogue or upgrade to a newer version of Windows.
“Customers running Windows 8 and Windows 10 are not affected by this vulnerability, and it is no coincidence that later versions of Windows are unaffected,” the company said.
“Microsoft invests heavily in strengthening the security of its products, often through major architectural improvements that are not possible to backport to earlier versions of Windows.”