Microsoft just issued a patch for a Remote Desktop vulnerability so bad that the patch covers unsupported versions of Windows. The company says it's worried that hackers will build an exploit for this flaw into a worm like WannaCry. https://t.co/nhDW05Vjp8

— Eric Geller (@ericgeller) May 14, 2019

Prevent a worm! Microsoft released fixes for critical RCE vulnerability CVE-2019-0708 in Remote Desktop Services that affects Windows 7 & Windows Server 2008/2008R2. Protocol itself is not vulnerable, it's pre-authentication & requires no user interaction https://t.co/fePC5xxAdm pic.twitter.com/cEzSRFAF2A

— Artyom Sinitsyn (@ArtyomSinitsyn) May 14, 2019

stop trying to make XP happen https://t.co/Sm2wJnFl0m

— @mikko (@mikko) May 14, 2019

Microsoft is warning of another WannaCry situation. The software maker has released fixes for a critical security exploit in Windows 7, Windows XP, and old server variants. Microsoft is calling this exploit ‘wormable’ which is pretty major. Details here: https://t.co/e5pWkOvKNz pic.twitter.com/UoobY5u20H

— Tom Warren (@tomwarren) May 14, 2019

Windows XP get's a Patch! It's 2019! https://t.co/5eFQrQIt5f

— Bruno Hautzenberger (@salendron) May 14, 2019

A bit more on the RDP/RDS flaw patched by Microsoft today per @maryjofoley. https://t.co/OUe1xuF9hd

— Zack Whittaker (@zackwhittaker) May 14, 2019

Patch Tuesday: Citing a potential 'wormable' flaw in Remote Desktop Services, Microsoft is patching not just Windows 7, but its no-longer-supported XP and Windows Server 2003 OS variants, as well. https://t.co/jlF5tCiEHS

— Mary Jo Foley (@maryjofoley) May 14, 2019

It's not a good sign if Microsoft issue a patch for Windows XP. ?https://t.co/wdqvr8qtS7

— Alasdair Allan (@aallan) May 14, 2019

Microsoft patches Windows XP, Server 2003 to try to head off 'wormable' flaw https://t.co/BZOUtGMkHe by @maryjofoley

— ZDNet (@ZDNet) May 14, 2019

? Very important security update for Windows ? CVE-2018-0708 allows remote, unauthenticated code execution is RDP (Remote Desktop). A very bad thing you should patch against. Around 3 million RDP endpoints are directly exposed to internet. https://t.co/EAdg3VNMjw pic.twitter.com/u2V3uyoyVs

— Kevin Beaumont ??‍♀️ (@GossiTheDog) May 14, 2019

#Microsoft  #RDP vulnerability is out (w7 and ws2008) patch now! https://t.co/6GRQbwUo3y pic.twitter.com/uqABnC1gHO

— Emanuele Gentili (@emgent) May 14, 2019

A vulnerability was discovered in Remote Desktop Services for older versions of Windows. While there is no indication that this vulnerability has been exploited, it could allow malware to easily spread between accessible systems using worm behavior.https://t.co/oIqYFYsE4E

— BleepingComputer (@BleepinComputer) May 14, 2019

Patch now, especially if Remote Desktop is exposed.

CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerabilityhttps://t.co/uWuGqmjDkM

— Jason Nickola (@chm0dx) May 14, 2019

✅Unauthenticated
✅No interaction required
✅RCE
✅via RDP
Umm... https://t.co/lxUByhsD2E Affects Server 2008/2008 R2 and Windows 7 pic.twitter.com/tdP5x60YUS

— David Longenecker (@dnlongen) May 14, 2019

WhatsApp hacks and Intel chip flaws are cool an' all, but Microsoft's just come screaming in with a wormable remote desktop pre-authentication vulnerability affecting Windows 7, Server 2008 R2, and Server 2008. Story to follow...

Info: https://t.co/CIlfJpKWnt

— The Register (@TheRegister) May 14, 2019

I always called #RDP the "Really Dangerous Protocol" for a reason. CVE-2019-0708 looking like a lively patching cycle.

The folks applying patches are the heroes. Plus top response from Microsoft backdating it. https://t.co/zeE0CiNkvz

— Paul Ritchie (@cornerpirate) May 14, 2019

So in summary:

Microsoft patched a wormable bug in RDS https://t.co/TkMFGM91Rk

Intel patched a passel of Spectre-al bugshttps://t.co/s31HVO9TSa

WhatsApp patched a 0-click RCE bughttps://t.co/mZ5SE7TLCb

And it's only Tuesday!

— Dennis (@DennisF) May 14, 2019

The May 2019 release includes updates for a critical vulnerability affecting the Remote Desktop Services service in older operating systems; we recommend customers install as soon as possible. More details here: https://t.co/RfhLk0OSX7

— Security Response (@msftsecresponse) May 14, 2019

I know everyones attention is going towards whatsapp. But if you use RDP. Please read and update ASAP! https://t.co/fyfA74U3FN

— Dave Maasland (@DaveMaasland) May 14, 2019

Pay close attention to this #PatchTuesday. There is a critical vulnerability that is potentially wormable #ConfigMgr #sccm https://t.co/nx8Jdsji6z

— Julie Andreacola (@jandreacola) May 14, 2019

Wormable vulnerability in RDP (pre-authentication), patch is out today: https://t.co/g8Yxfs2Ygc#PatchTuesday#PatchNow pic.twitter.com/TbhuZ0iein

— Conrad (@eric_conrad) May 14, 2019

#PatchNow ❯❯❯ Prevent a worm by updating Remote Desktop Services (CVE-2019-0708) #PatchTuesdayhttps://t.co/qWN55WqZr6 pic.twitter.com/3HuORjOEAs

— Below0Day (@below0day) May 14, 2019

Microsoft say to patch now to prevent a worm situation. It is particularly important for Windows 7 and Server 2008. https://t.co/ZAPYSf8twG

— Kevin Beaumont ??‍♀️ (@GossiTheDog) May 14, 2019

Please patch your Windows XP. Or kill it with fire.https://t.co/Skgv7KCyaP

— Leah Neukirchen (@LeahNeukirchen) May 14, 2019

I'M NOT DOING WANNACRY AGAIN. PATCH YOUR FUCKING SYSTEMS THIS TIME: https://t.co/8OSAQhf4EG

— Jamie Hankins (@2sec4u) May 14, 2019

Windows 8+ and server 2012+ are unaffected

Microsoft also released patches for XP and 2003 (which are end-of-life)

Translation: this is badhttps://t.co/g8Yxfskz7K pic.twitter.com/ai2JqD8xR2

— Conrad (@eric_conrad) May 14, 2019

Microsoft Fixes Critical Remote Desktop Flaw, Blocks Worm Malware https://t.co/3tMZngW9zJ

— The Cyber Security Hub (@TheCyberSecHub) May 14, 2019

If there's a patch for the "Out-of-support XP", then it's not really out of support, is it?

Also, hooray for unauthenticated remote desktop RCE. https://t.co/gVAGOmbovN

— Erik Fichtner (@unixronin) May 14, 2019

Microsoft warns of major WannaCry-like Windows security exploit, releases XP patches https://t.co/D2qj5vNOr4 pic.twitter.com/GreZgofcrh

— The Verge (@verge) May 14, 2019

마이크로소프트, 원격 데스크톱 서비스 프로토콜의 취약점으로 윈도우 XP부터 7까지, 윈도우 서버 2003~2008 R2까지를 긴급 패치. 사용자 개입이 필요 없이 그냥 찌르기만 하면 뚫리는 취약점이라 워너크라이 때처럼 전세계적으로 악용될 가능성이 있었음. https://t.co/GCgHSfgwfM

— 푸른곰 (@purengom) May 14, 2019

While everyone's talking about a WhatsApp exploit that has impacted a tiny number of people, don't ignore that Microsoft has released patches for a critical 'wormable flaw' and 78 other issues https://t.co/MVcuExbc9z pic.twitter.com/R3Gv24bKwE

— Graham Cluley (@gcluley) May 14, 2019

Microsoft releases May 2019 security updates to patch a critical "Wormable Flaw" [CVE-2019-0708] and 78 other CVE-listed vulnerabilities in its software and Windows operating systems
https://t.co/w8sAEt0xz8

by @unix_root

— Swati Khandelwal (@Swati_THN) May 14, 2019

Microsoft today took the unusual step of releasing security updates for unsupported Windows versions including XP and Win2003 -- to head off what MS is calling a "wormable" flaw that could result in another WannaCry-like outbreak https://t.co/G9daPSQzHH pic.twitter.com/60GW4qSFW0

— briankrebs (@briankrebs) May 14, 2019

Microsoft releases security update to fix RDP vulnerability that could be used in a "wormable" (self-replication) fashion, similar to how WannaCry/NotPetya abused SMB flaws.

<via @maryjofoley>https://t.co/7BhUvw2o3z pic.twitter.com/tMpEqCBTUi

— Catalin Cimpanu (@campuscodi) May 14, 2019

Regarding the RDP Vulnerability: we know that well-kept and patch management integrated systems will be patched in time - it's the unmanaged or embedded system that'll break everyone's neck#KB4493472 #CVE20190708https://t.co/ueagANOlVp

Advisoryhttps://t.co/rlMayDvgGF pic.twitter.com/Y5Hx1WNUgM

— Florian Roth (@cyb3rops) May 15, 2019

Concerning CVE-2019-0708 (Remote Desktop Services Remote Code Execution Vulnerability), we found 515 accessible RDP in the IP address space of Luxembourg. We are notifying the IP space owners (mainly ISP) to take the appropriate measures. https://t.co/LbkqvTBh8c #RDP #infosec

— CIRCL (@circl_lu) May 15, 2019

CVE-2019-0708 - Remote Desktop Services Remote Code Execution Vulnerability. Microsoft advisory available at https://t.co/QNMte3xPph

— NCSC IE (@ncsc_gov_ie) May 15, 2019

Prevent a worm! Microsoft released fixes for critical RCE vulnerability CVE-2019-0708 in Remote Desktop Services that affects Windows 7 & Windows Server 2008/2008R2. Protocol itself is not vulnerable, it's pre-authentication & requires no user interaction https://t.co/fePC5xxAdm pic.twitter.com/cEzSRFAF2A

— Artyom Sinitsyn (@ArtyomSinitsyn) May 14, 2019

CVE-2019-0708: Wormable RCE in Windows RDP. Dis b fun!https://t.co/3HH5j3HFNG

— ??????? (@nblr) May 15, 2019

Quickly patch #CVE20190708 , it is possible to upgrade to a worm.
A remote code execution vulnerability exists in Remote Desktop Services(RDP)https://t.co/AVwZsyQv2Qhttps://t.co/08dSkmnVrE

— blackorbird (@blackorbird) May 15, 2019

If you still use Windows 7 or 2008, you need ton install this patch, or you can be wormed (virused.) Suggest the monthly roll up if it hasn't already installed via auto-update. Many haven't. https://t.co/wSN4UB1q4s

— Richard Heart Pumpamentals.com (@RichardHeartWin) May 15, 2019

Microsoft release Critical Security Updates for unsupported versions of Windows (i.e. XP & Windows 2003), to patch a “wormable” vulnerability (CVE-2019-0708) which could allow the rapid propagation of malware, as per the WannaCry attacks in 2017 - https://t.co/Zk79dQH80R

— Dave Whitelegg (@SecurityExpert) May 15, 2019

Everyone's talking about a 0-Day in WhatsApp that was exploited against less than 1% of the world, but 100% of the vulnerable servers on the internet are going to get smoked once this POC hits the streets. This is when you halt what you're doing and patch. https://t.co/JLqwV4ZtZC

— Andrew (@QW5kcmV3) May 15, 2019

Microsoft urges everyone to patch CVE-2019-0708, which is also patched on some out-of-support systems, to prevent a Remote Desktop worm https://t.co/yD2rVysNFA

— Virus Bulletin (@virusbtn) May 15, 2019

This is so serious that MS issued a patch for XP and 2003. Go patch. Now.
—-
Prevent a worm by updating Remote Desktop Services (CVE-2019-0708) – MSRC https://t.co/Tl64TKSPaC

— Bob Plankers (@plankers) May 15, 2019

Prevent a worm by updating Remote Desktop Services (CVE-2019-0708) https://t.co/mlbXRN5Ax2

— Christian Forst (@christianforst) May 15, 2019

Prevent a worm by updating Remote Desktop Services (CVE-2019-0708) https://t.co/uMDciXzHBz

— Nobutaka Mantani (@nmantani) May 14, 2019

Important: Upgrade to Windows 10 or apply the latest updates to protect devices running #Windows7, Windows Server 2008 R2, or older from wormable RCE vulnerability. Find links and important details here: https://t.co/8Ccljfo31U #MSHelps pic.twitter.com/PkfPGdcDEJ

— Windows IT Pro (@MSWindowsITPro) May 14, 2019

No time better than now to brush up on your RDP #DFIR skills.

Resource To Help:https://t.co/McSEaxKvSz

Reasons to Do It NOW:https://t.co/pT9hNRgKJAhttps://t.co/xcckWOF2ik pic.twitter.com/kl9RJYrg56

— J P (@JPoForenso) May 14, 2019

#Microsoft warns of major WannaCry-like Windows security exploit, releases XP patches https://t.co/7O5fOLnphr #Infosec pic.twitter.com/O67cuQN3Df

— #AI (@AI__TECH) May 14, 2019

Microsoft warns of major WannaCry-like Windows security exploit, releases XP patches https://t.co/D2qj5vNOr4 pic.twitter.com/jYOTPiqTpt

— The Verge (@verge) May 15, 2019

Is it time to start thinking about putting RDP to rest forever? https://t.co/APex8ZcrVG

— Tyler Hudak (@SecShoggoth) May 14, 2019

#Microsoft is warning users of old versions of Windows to urgently apply a Windows Update today to protect against a widespread attack. #WindowsInsiders #Windows #Windows10 #Windows7 #WannaCry https://t.co/KRIO5oXg2F

— Risc IT Solutions (@RiscITSolutions) May 15, 2019

#Microsoft warns of major #WannaCry-like Windows security exploit, releases XP patches https://t.co/mz1OulMmT5 ❔ Is it #BillMuray who released the patch ? #GroundhogDay

— Anthony DI PRIMA (@diprima_a) May 14, 2019

If you're still holding out on XP, stop it. This is what we've been saying would happen. It's no accident this came out a month after support ended for POSReady2009. https://t.co/DQ9fzIJ4c0

— Secure Ideas LLC (@secureideas) May 14, 2019

It is #PatchTuesday and #Microsoft Releases Patches For A Critical '#RDP Wormable Vulnerability as bad as #WannaCry' and 78 Other Issues including 18 Critical. If you use Windows (including 2003 and XP) - start patching:

https://t.co/gxoZlLMMOu

— Sam Stepanyan (@securestep9) May 14, 2019

Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003 https://t.co/LGCJpF0cwX

— CSPF (@CyberSecurityPr) May 15, 2019

#Microsoft did the right thing to patch XP again. But the devices checking for #security updates that haven't changed OSes in ~20 years will be small. The already infected XP machines will be reinfected unless #malware patches the OS. https://t.co/gROX01OI7Y

— Evan (@evanwright) May 15, 2019