Microsoft issued a security update reminder on 14th May to patch a critical Code Execution vulnerability, CVE-2019-0708 that affects some older versions of Windows. They previously warned that the vulnerability is ‘wormable’ and that future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.
Microsoft is confident that an exploit exists for this vulnerability, and if recent reports are accurate, nearly one million computers connected directly to the internet are still vulnerable to CVE-2019-0708. Many more within corporate networks may also be vulnerable. It only takes one vulnerable computer connected to the internet to provide a potential gateway into these corporate networks, where advanced malware could spread, infecting computers across the enterprise.
It's been only two weeks since the fix was released and there has been no sign of a worm yet.
Strongly advise that all affected systems should be updated ASAP.
It is possible that we won’t see this vulnerability incorporated into malware, but it better to be safe than sorry.
Source: Microsoft Security Response Centre (MSRC) Team