4:55pm, 5 November 2019
TLP Rating:
Serious issue with older Microsoft Windows systems
Updated from 15 May 2019
Earlier this year, Microsoft released information about an issue in older Windows operating systems. Microsoft released software updates for all affected versions.
It has now been reported by security researchers that attackers are actively targeting the older Windows operating systems and installing malicious software.
CERT NZ strongly recommends following the steps in this advisory and updating your operating system as soon as possible. Once you have updated your software, you are no longer at risk.
What's happening
Systems affected
The systems at risk are:
- Windows 7
- Windows XP.
The following versions of Windows are not affected:
- Windows 8
- Windows 10
Businesses should note that some versions of Windows Server are at risk as well. The versions of Window Server at risk are:
- Windows Server 2008 R2
- Windows Server 2008
- Windows Server 2003.
If you’re unsure if your organisation uses these, talk to your IT services provider.
What this means
Microsoft has identified an issue with a Windows service called remote desktop services. The issue could allow an attacker to connect remotely and gain control of the system if you are using an older version of Windows.
Attackers could take advantage of this issue by using malware that can move easily from one computer to another. This is similar to how the WannaCry malware worked.
To prevent this, we strongly recommend users update their systems immediately.
What to look for
How to tell if you're at risk
You are at risk if you have not updated your software today and you’re using:
- Windows 7
- Windows XP.
Businesses: you’re also at risk if you have not applied security software updates and you’re using the following:
- Windows Server 2003
- Windows Server 2008 R2
- Windows Server 2008
What to do
Prevention
If you’re using Windows 7, we recommend you update your Windows software as soon as possible.
Update your Windows 7 software External Link .
If you’re using Windows XP, we recommend you upgrade to a new version of Windows. If you can’t upgrade immediately, we recommend you update your software with these security fixes:
Update your Windows XP software External Link .
Note: these updates will not happen automatically, it is important that users of these systems update them manually.
If you’re using Windows 8 or Windows 10, you don’t need to do anything as these systems are not affected. CERT NZ recommends you turn on automatic updates so that future software updates can happen automatically.
Mitigation
Mitigation advice for businesses:
- If you don’t need to access your desktop remotely, ask your IT provider to block RDP services from the internet.
- If you do need to access your desktop remotely, talk to your IT provider about using a VPN instead and enabling two-factor authentication to access it.
- Ask your IT provider to apply the security updates if you use Microsoft Server 2008 R2 or older.
More information
If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.
For media enquiries, email our media desk at media@mbie.govt.nz or call the MBIE media team on 027 442 2141.