Microsoft is aware that some customers are running versions of Windows that no longer receive mainstream support. That means those customers will not have received any security updates to protect their systems from CVE-2019-0708, which is a critical remote code execution vulnerability.
Given the potential impact to customers and their businesses, we made the decision to make security updates available for platforms that are no longer in mainstream support (see download links in the following table). These updates are available from the Microsoft Update Catalog only. We recommend that customers running one of these operating systems download and install the update as soon as possible.
Platform |
Article |
Download |
Impact |
Severity |
Windows XP SP3 x86 |
Remote Code Execution |
Critical |
||
Windows XP Professional x64 Edition SP2 |
Remote Code Execution |
Critical |
||
Windows XP Embedded SP3 x86 |
Remote Code Execution |
Critical |
||
Windows Server 2003 SP2 x86 |
Remote Code Execution |
Critical |
||
Windows Server 2003 x64 Edition SP2 |
Remote Code Execution |
Critical |
||
Windows Server 2003 R2 SP2 | 4500331 | Security Update | Remote Code Execution | Critical |
Windows Server 2003 R2 x64 Edition SP2 | 4500331 | Security Update | Remote Code Execution | Critical |
Windows Vista SP2 | 4499180 | Security Update | Remote Code Execution | Critical |
Windows Vista x64 Edition SP2 | 4499180 | Security Update | Remote Code Execution | Critical |
To learn more about the vulnerability, go to CVE-2019-0708.