Hacker News new | ask | show | jobs
by sp332 760 days ago
In 2019, Microsoft released a patch for WinXP because there was a remote code execution vulnerability, and there were enough WinXP machines still around to make this a big deal. A machine without this one patch would still be immediately vulnerable.
1 comments
miles 760 days ago
Was this remotely exploitable with the firewall on (the default setting) and no user activity? Would love to learn more if you have any details or links - thank you.
link
sp332 760 days ago
https://krebsonsecurity.com/2019/05/microsoft-patches-wormab...

Looks like I misread and this requires RDP to be enabled, which is not the default. But it was pretty common, Rob Graham counted almost one million hosts. https://blog.erratasec.com/2019/05/almost-one-million-vulner...

link
miles 760 days ago
Thanks for the kind followup - I was on a bad mobile connection and couldn't dig around.
link