Windows XP and Windows Server 2003 users worldwide face potential attacks from another exploit stolen from the National Security Agency (NSA), researchers said.
The NSA suffered a breach last year, and the Shadow Brokers hacking group stole several Windows exploits the agency was using to hack systems across the world.
Shadow Brokers published these exploits online earlier this year, leading to an increase in the number of attacks aimed at Windows devices, one of which was the WannaCry ransomware attack that sent a shock wave throughout multiple industries.
A second wave of attacks is hitting, researchers said, and it is based on a hacking tool called EsteemAudit, also stolen from the NSA.
In this case, however, systems still under support were patched in March this year, while Windows XP and Windows Server 2003 were left behind after reaching end of service in 2014. The vulnerability WannaCry took advantage of was also patched, but not as many people downloaded the patch.
EsteemAudit exploits a vulnerability in the RDP service in Windows XP and Windows Server 2003, targeting port 3389 on unpatched systems.
Attacks can be tweaked to include worm-laden malware, which means that once it infects one Windows XP system within a network, the infection can spread to all the other systems using other forms of malware.
This, in turn, means entire networks face exposure if they are connected to a Windows XP system where an Internet connection is available.
While Microsoft has yet to release a patch for this new security vulnerability in Windows XP, security researchers at enSilo published a third-party fix that helps block attacks launched with EsteemAudit.
“It is important to note that patching this exploit will not make these XP systems fully secure. There are still many unpatched vulnerabilities in Windows XP, and we urge organizations to update their systems accordingly,” enSilo researchers said.
Windows XP is currently running on approximately 7 percent of PCs across the world, and upgrading to supported Windows versions is the only way to block such attacks.