The computing giant has taken the drastic and unusual step of providing a fix to systems it no longer supports, including Windows XP – its popular operating system released almost 18 years ago.
Microsoft says the vulnerability affects a part of the Remote Desktop Services feature on some previous versions of Windows, which could allow devastating malware attacks to pass from vulnerable computer to vulnerable computer, as WannaCry did.
WannaCry notably hit parts of the NHS in May 2017, disrupting 80 trusts across England alone because they were either infected by the ransomware or had turned off their devices or systems as a precaution.
The health service was forced to cancel almost 20,000 hospital appointments and operations as a result, while five A&E departments had to divert patients to other units.
Simon Pope, Microsoft’s director of incident response, said it had found “no exploitation” but warned it is “highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware”.
He added: “It is important that affected systems are patched as quickly as possible to prevent such a scenario from happening.”
The flaw affects devices running Windows XP and Windows 2003, as well as Windows 7, Windows Server 2008 R2, and Windows Server 2008 – which are still currently supported.
Microsoft’s most recent operating systems, Windows 8 and Windows 10, are unaffected.