But it isn’t yet capable of inflicting damage https://twitter.com/GossiTheDog/status/1130425920987303936
[See the full post at: There’s now a freely available proof of concept exploit for the “wormable” WinXP/Win7 bug]
There’s now a freely available proof of concept exploit for the “wormable” WinXP/Win7 bug
- This topic has 37 replies, 17 voices, and was last updated 4 years, 4 months ago.
geekdom
AskWoody_MVP
Well, you warned us that this vulnerability was apt to be exploited; it’s getting closer.
It probably wouldn’t hurt to keep virus checker definitions up to date.
On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender -
OscarCP
Member
Not being familiar with the concept in this particular context, I am asking the following questions:
Can this “proof of concept” be weaponized? If it is, then why was this “proof of concept” posted where, I think, anyone can get a copy from? How is a “proof of concept” of a malware concept supposed to work and what else is it for, besides proving that a hypothesized threat can be implemented? Is publishing in this way software as a “proof of concept” of potential malware a normal and accepted thing to do?
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
1 user thanked author for this post.
-
anonymous
Guest
> Can this “proof of concept” be weaponized?
Ask or continue to read Mr. Beaumont’s Twitter account to gain knowledge.
https://twitter.com/GossiTheDog/status/1130541773783228417
> How is a “proof of concept” of a malware concept supposed to work and what else is it for, besides proving that a hypothesized threat can be implemented?
I believe you already understand by the nature of your question a proof of concept is supposed to demonstrate the viability of claimed security flaws.
> Is publishing in this way software as a “proof of concept” of potential malware a normal and accepted thing to do?
This would be a good question to directly ask a more informed person in this case; As an example, the Spectre speculative execution flaws were responsibly disclosed and then proof of concept code was widely available on Github shortly after public disclosure.
-
OscarCP
Member
Anonymous: “I believe you already understand by the nature of your question a proof of concept is supposed to demonstrate the viability of claimed security flaws.”
That is only the general idea. But I am not familiar with the particulars, that is why I wrote, quoting your quote: “How is a “proof of concept” of a malware concept supposed to work and what else is it for, besides proving that a hypothesized threat can be implemented?” and that is why I am asking these questions.
For all I know, once in possession of said particulars I might just as well conclude that publishing a “proof of concept of the possibility of certain kinds of cyber warfare or criminal attacks” is a great thing to do, or else a terrible and tremendously irresponsible thing to do. Or even something in between.
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
-
Noel Carboni
AskWoody_MVP
Proof of concept publication serves what purpose, exactly?
No one in the world ever thought this exploit up before, then someone did, and now because of the publication of a “proof of concept” (innocent-sounding, eh?) it’s suddenly available for every bad actor in the world to try to use against others?
To what end?
I’m personally protected from this exploit in a number of ways. Even better, I know that I am. What about most folks, who are not sure?
How does it make you feel to wonder whether you may now be vulnerable to any number of terrible people presumably now poking at your computer systems from abroad?
Does it make you feel like taking action that otherwise you might not?
-Noel
-
mn–
AskWoody Lounger
In the general case or this specific case?
Back in the day, vulnerability reports often wouldn’t be believed unless there was a proof of concept to show for it. And I mean even, if the software vendor would pay attention and issue an update to fix it, getting end users to install that fix…
Or in some cases, having the operating system vendor’s own applications division to approve that update for installing on servers running the high-end applications that were all bought as a single package deal… BTDT, “unapproved patch, configuration is unsupported” …
1 user thanked author for this post.
-
warrenrumak
AskWoody Lounger
There are lots of bad people out there, and you can categorize them into two groups:
- Ne’er-do-wells who want tools to attack other people… be it for profit (criminals), subterfuge (government-sponsored spying), industrial espionage (learning your competitors’ trade secrets), or for fun (teenagers, mostly).
- Bumbling business leaders who don’t fully have their heads wrapped around item #1, and allow technical decisions to be made that expose their company to security risks. The only way this lot gets their feet held to the fire, is if the company takes a major public reputational hit…. your typical Board of Directors doesn’t understand side-channel execution attacks, but they do understand bad press.
Unfortunately, the rest of us have to cobble together a sustainable computing experience in a world full of people in both those groups.
Sometimes, the IT & engineering folks need every little bit of help they can get their hands on to convince their bosses that changes are necessary. Easy-to-use proof-of-concept code published on GitHub (a reputable site) is very compelling.
1 user thanked author for this post.
-
Sessh
AskWoody Lounger
Well sure, but posting a PoC code for anyone to get their hands on is what makes #1 a bigger issue or even an issue at all if no one would have thought to do it before. It’s like advertising to the whole neighborhood that the lock on your neighbor’s front door is broken and can be easily opened even when locked. Not only that, but also giving people the tools they need to open that door that have been proven by you to work.
The act of posting a PoC instantly makes the situation worse than it was before. I think that’s the point here. Is there really no other way to accomplish #2 than literally telling everyone in category #1 exactly how to use this code for their malicious ends and giving them the code fully intact? I don’t know, it seems like an extremely flawed way of doing things to me. There’s really no other way? Really?
It’s almost like the method is to convince people that a threat is real and dangerous by deliberately making it real and dangerous. Okay, you don’t want to take it seriously? Well, now we’re going to give the code to anyone that wants it. You going to take it seriously now? It’s an awfully silly way to do things IMO.
5 users thanked author for this post.
-
OscarCP
Member
Category No. 3: Unfriendly nation states.
-
geekdom
AskWoody_MVP
Echo.
– Get Microsoft May patches.
– Turn off remote access.
– Keep anti-virus software up-to-date.
-
GoneToPlaid
AskWoody Lounger
Aside from disabling Remote Desktop and disabling Remote Assistance, one should block incoming TCP and UDP connections on port 3389 in their router. If you can’t block 3389 in your router, you can block it in your firewall program. Steve Gibson has a web page which can check that you have port 3389 blocked. See:
https://www.grc.com/port_3389.htm
-
OscarCP
Member
GTP: The site explains why keeping the port wide open is dangerous, but not how to fix it.
An explanation of the latter, particularly how one does it in Windows 7, would be most gratefully appreciated. Thanks in advance for it, as it might also be of interest to more than one person here.
1 user thanked author for this post.
-
Bluetrix
AskWoody MVP
> An explanation of the latter, particularly how one does it in Windows 7, would be most gratefully appreciated.
A simple search as “How to close ports in Windows 7” returned 49,000,400 hits in .58 seconds.
Do a search on Youtube, there are many HOW TO Videos on subject.
1 user thanked author for this post.
-
anonymous
Guest
Oscar, that is a good question. A search would reveal much, but one has to know what sites are respectable.
Check out these two. I hope they help.
How to block ports in Windows
by Martin Brinkmann
https://www.ghacks.net/2017/05/19/how-to-block-ports-in-windows/
How to Block Ports in Windows 7 – video using the Windows firewall
https://www.youtube.com/watch?v=KA8BIshUcXw
Please follow the –Lounge Rules–
-
OscarCP
Member
Thank you so much, Anonymous and Bluetrix. As usual, of all those tens of thousands of “hits” probably a good many have nothing to do with closing that port, but there will be plenty about “port”, both the nautical term and the fortified wine, the word “in”, the number “7”, and many with “windows” in it (actual house windows, windows of opportunity…), etc. But still there will be many that will seem relevant. So being given the links to, among all those sites, a couple where nobody is waiting in ambush to give misleading advice and lead the unwary to perdition, is a very good and helpful thing to do, and totally appreciated as such.
-
Bluetrix
AskWoody MVP
@oscarcp,
I see your concern. I only showed how easy it was to do a search for the information.
I didn’t offer which ‘hits’ were a port for ships or the best Port Wine in California.
The 1st three results I looked at before posting were about “How to close ports in Windows 7”, just as my search parameters requested.
Are you up to the task of separating the wheat from chaff and offer AW readers safe and correct advice on “How and why to close ports in Win7”, it could help a lot of people.
Maybe start a Topic on the subject.
1 user thanked author for this post.
-
OscarCP
Member
Bluetrix,
My answer to your searching question is: “sadly, no.” I won’t pretend for one second to be up to the job of deciding on the worthiness of the advice to be gained online on this issue. So I am thankful to our Anonymous friend ( #1720873 ) for his contribution of those two URL links, and hope to see more like that — as probably may others here, as well.
-
GoneToPlaid
AskWoody Lounger
Hi OscarCP,
The methods to block incoming ports vary, depending on whether you want to do so in your router, or whether you want to do so in Windows Firewall or in a third party firewall. Some routers, especially routers which are provided by cable companies, won’t allow you to block specific ports (mine won’t). This probably is to reduce support calls to cable companies.
Anyway, what firewall are you using?
Best regards,
–GTP
-
OscarCP
Member
GTP, Thanks for asking:
My firewall is that of the AV WebrootSecureAnywhere. I could also use the Windows 7 one, but have this notion that the AV one is better. Windows itself says it does not mind and is OK with that. Which puts something of an odd twist on the whole thing, does it not? Something your pointed question has now brought up to the surface of my consciousness. And that I am not too happy about.
-
GoneToPlaid
AskWoody Lounger
Hi OscarCP,
I did some Googling, and I don’t see how to block specific ports under the settings for the Webroot SecureAnywhere firewall. Some more Googling reveals that Webroot SecureAnywhere firewall has to run on top of either Windows Firewall or another third party firewall! See:
Get Windows Firewall turned back on! Then ask how to either block Remote Desktop Protocol in Windows Firewall or how to block port 3389 in Windows Firewall.
Best regards,
–GTP
1 user thanked author for this post.
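A PowerShell script that carries out what geekdom’s checklist and GoneToPlaid’s two posts above describe, added here as an example (it is not code from any poster or from AskWoody): it shows the Windows Firewall state for every profile, reports and disables Remote Desktop and Remote Assistance through their registry values, adds inbound block rules for port 3389 with netsh advfirewall (which Windows 7 has; the newer NetSecurity cmdlets it does not), lists anything still bound to 3389, and looks for an installed update by a KB number you supply. The rule names and the KBxxxxxxx placeholder are my assumptions; run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread): audit and reduce RDP exposure on Windows 7.
# Run from an elevated (Administrator) PowerShell prompt. Uses netsh advfirewall and
# the registry, both present on Windows 7; the NetSecurity cmdlets are not.
$ErrorActionPreference = 'Stop'

# 1. Windows Firewall state per profile. Third-party firewalls such as the one in the
#    thread run on top of it, so each profile should report its state as ON.
Write-Host '== Windows Firewall profile state =='
netsh advfirewall show allprofiles state

# 2. Remote Desktop: fDenyTSConnections = 1 means incoming RDP connections are denied.
$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$ts = Get-ItemProperty -Path $tsKey -Name fDenyTSConnections
if ($ts.fDenyTSConnections -eq 0) {
    Write-Host 'Remote Desktop is enabled; disabling it (set the value back to 0 to re-enable).'
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
} else {
    Write-Host 'Remote Desktop is already disabled.'
}

# 3. Remote Assistance: fAllowToGetHelp = 0 disables incoming assistance sessions.
$raKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'
$ra = Get-ItemProperty -Path $raKey -Name fAllowToGetHelp
if ($ra.fAllowToGetHelp -ne 0) {
    Write-Host 'Remote Assistance is enabled; disabling it.'
    Set-ItemProperty -Path $raKey -Name fAllowToGetHelp -Value 0
} else {
    Write-Host 'Remote Assistance is already disabled.'
}

# 4. Block inbound 3389 on TCP and UDP in Windows Firewall, whatever the router does.
#    The rule names are assumptions chosen here; netsh prints "No rules match" when a
#    rule of that name does not exist yet.
foreach ($proto in 'TCP', 'UDP') {
    $name = "Block_RDP_3389_$proto"
    $existing = netsh advfirewall firewall show rule name=$name
    if ($existing -match 'No rules match') {
        netsh advfirewall firewall add rule name=$name dir=in action=block protocol=$proto localport=3389 | Out-Null
        Write-Host "Added inbound block rule $name"
    } else {
        Write-Host "Rule $name already present"
    }
}

# 5. Anything still bound to 3389? The listener disappears once Remote Desktop is off
#    and the Remote Desktop Services service has stopped (or after a reboot); until
#    then the firewall rules above keep it unreachable from outside.
Write-Host '== Sockets on port 3389 =='
netstat -ano | Select-String ':3389\s'

# 6. Is the update installed? KBxxxxxxx is a placeholder: put in the KB number of the
#    May 2019 Windows 7 update for CVE-2019-0708 for your edition, taken from Microsoft's advisory.
$kb = 'KBxxxxxxx'
if (Get-HotFix | Where-Object { $_.HotFixID -eq $kb }) {
    Write-Host "$kb is installed."
} else {
    Write-Host "$kb not found; install the May 2019 update rather than relying on the firewall alone."
}
```

Blocking the port and turning Remote Desktop off reduce exposure but do not replace the patch, which is the only thing that removes the pre-authentication flaw itself.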
-
satrow
AskWoody MVP
A lot of modern 3rd party firewalls now work with the default Windows firewall (rules), not instead of it.
Any odd connection problems, enable it, reboot and test the affected software. A previously blocked program should then trigger the native firewall pop-up to ask if you want it to connect and on which network, private or public.
-
OscarCP
Member
GTP and Satrow, thanks for your views on this issue of setting up the firewall to stop people snooping, or worse, on me and on my PC through port 3389. At this point I think that what is left is for me to apply the good old experimental method to investigate this question and see what happens when, keeping the AV firewall on, I block that port. And, if necessary, playing around with turning one of the firewalls on or off while doing something with the other (not permanently, of course).
At the moment I am busy with a job I want to finish as soon as possible, mostly because I do not much like it. It’s a necessary thing that makes sense doing, but is not my favorite thing. When I am done I’ll go ahead and do the experimenting.
I also would like to bring your attention to the article that Geo (#1727332) gave the URL link to, where it says (at least as I read it) that the possible malicious exploit under consideration here, because it is “wormable”, has nothing to do with the RDP. What do you make of that?
-
anonymous
Guest
For businesses and governments that still pay MS for Windows XP support, MS sent an update patch that addresses some slowdowns with this patch. It seems MS will not be releasing the re-updated patch to the public. Check with your contact at MS for the re-updated patch for Windows XP.
-
anonymous
Guest
Thanks for the heads up. We were planning to deploy on our system. I checked with our MS rep and he said that he did not get a chance to send it out yet since we did not pay. I had to forward the proof that we paid for the next three years. MS is getting worse with sending out notifications since they made us sign the non-disclosure agreement to keep getting Windows XP updates.
How is IE11 running on Windows XP for your clients? It is bugging since last month’s updates but seems to be running well.
-
anonymous
Guest
> How is IE11 running on Windows XP for your clients? It is bugging since last month’s updates but seems to be running well.
IE11 is running fine but some of the apps require IE6, so those systems have Firefox or Chrome installed.
> XP running IE11! In what alternate timeline does XP support running any IE version beyond IE8?
If you are a government agency or a business that is paying for Windows XP Pro support with payments of $6M or more every year. It is not available for the general public on the XP Home version.
-
Geo
AskWoody Plus
https://www.scmagazine.com/home/security
Some more info mentioned from this site.
3 users thanked author for this post.
-
OscarCP
Member
Quoting from this article (the bold formatting is mine):
“Microsoft also released a patch for a number of currently unsupported operating systems (Windows 7, Windows 2003, Windows Server 2008 R2, Windows Server 2008 and Windows XP) for CVE-2019-0708 because if properly exploited could allow malware to move from one system to another in the same fashion as WannaCry in 2017.”
“The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017,” Microsoft wrote in its security blog.”
2 users thanked author for this post.
Copyright ©2004-2023 by AskWoody Tech LLC. All Rights Reserved.