Alerts

We highlight current cyber security threats in New Zealand, and provide guidance on what to do if they affect you.

4:55pm, 5 November 2019

TLP Rating: White

Serious issue with older Microsoft Windows systems

Updated from 15 May 2019

Earlier this year, Microsoft released information about an issue in older Windows operating systems. Microsoft released software updates for all affected versions.

It has now been reported by security researchers that attackers are actively targeting the older Windows operating systems and installing malicious software.

CERT NZ strongly recommends following the steps in this advisory and updating your operating system as soon as possible. Once you have updated your software, you are no longer at risk.

What's happening

Systems affected

The systems at risk are:

  • Windows 7
  • Windows XP.

The following versions of Windows are not affected:

  • Windows 8
  • Windows 10

Businesses should note that some versions of Windows Server are at risk as well. The versions of Window Server at risk are:

  • Windows Server 2008 R2
  • Windows Server 2008
  • Windows Server 2003.

If you’re unsure if your organisation uses these, talk to your IT services provider.

What this means

Microsoft has identified an issue with a Windows service called remote desktop services. The issue could allow an attacker to connect remotely and gain control of the system if you are using an older version of Windows.

Attackers could take advantage of this issue by using malware that can move easily from one computer to another. This is similar to how the WannaCry malware worked.

To prevent this, we strongly recommend users update their systems immediately.

What to look for

How to tell if you're at risk

You are at risk if you have not updated your software today and you’re using:

  • Windows 7
  • Windows XP.

Businesses: you’re also at risk if you have not applied security software updates and you’re using the following:

  • Windows Server 2003
  • Windows Server 2008 R2
  • Windows Server 2008

What to do

Prevention

If you’re using Windows 7, we recommend you update your Windows software as soon as possible.

Update your Windows 7 software External Link .

If you’re using Windows XP, we recommend you upgrade to a new version of Windows. If you can’t upgrade immediately, we recommend you update your software with these security fixes:

Update your Windows XP software External Link .

Note: these updates will not happen automatically, it is important that users of these systems update them manually. 

If you’re using Windows 8 or Windows 10, you don’t need to do anything as these systems are not affected. CERT NZ recommends you turn on automatic updates so that future software updates can happen automatically.

Mitigation

Mitigation advice for businesses:

  • If you don’t need to access your desktop remotely, ask your IT provider to block RDP services from the internet.
  • If you do need to access your desktop remotely, talk to your IT provider about using a VPN instead and enabling two-factor authentication to access it.
  • Ask your IT provider to apply the security updates if you use Microsoft Server 2008 R2 or older.

More information

If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.

Report an incident to CERT NZ

 For media enquiries, email our media desk at media@mbie.govt.nz or call the MBIE media team on 027 442 2141.