Microsoft warns older versions of Windows are vulnerable to attack, releases security fix

Microsoft today released a critical update to fix a major security vulnerability in older versions of Windows. The flaw is related to Windows Remote Desktop Services, formerly known as Terminal Services, and affects Windows 7 and older versions of the operating system, such as Windows Server 2008 and Windows XP. 

Microsoft says the Remote Desktop Protocol itself is not vulnerable, but instead the issue is pre-authentication and requires no user interaction. "In other words, the vulnerability is 'wormable', meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017," Microsoft said in a blog post.

Users of Windows 7, Windows Server 2008 RT, and Windows Server 2008, all of which are still supported versions of Windows, should use Windows Update to apply the necessary security patch. Older Windows versions like Windows 2003 and XP—which Microsoft ended support for earlier this year—won't get the fix through Windows Update, but can and should apply it manually.

Bo Moore

As the former head of PC Gamer's hardware coverage, Bo was in charge of helping readers better understand and use PC hardware. He also headed up the buying guides, picking the best peripherals and components to spend your hard-earned money on. He can usually be found playing Overwatch, Apex Legends, or more likely, with his cats. He is now IGN's resident tech editor and PC hardware expert.