U.S. Government cybersecurity agency warns malicious cyber actors are targeting Windows 10 systems still vulnerable to a three-month-old critical security flaw.
Cast your mind back to March 10 when the monthly Windows Patch Tuesday security updates were released by Microsoft. That same day, one critical Windows 10 vulnerability was disclosed by mistake ; disclosed before a fix had been made available.
CVE-2020-0796 , better known today as SMBGhost, was thought so dangerous were it to be weaponized that it merited that rarest of common vulnerability scoring system (CVSS) ratings: a “perfect” 10 . Microsoft was quick to act. It issued an emergency out of band fix within days.
That’s where the good news ends.
SMBGhost is a fully wormable vulnerability that could enable remote and arbitrary code execution and, ultimately, control of the targeted system if a successful attack was launched. The vulnerability, in Microsoft’s Server Message Block 3.1.1, allows for a maliciously constructed data packet sent to the server to kick off the arbitrary code execution.
Such an attack would require both an unpatched and vulnerable Windows 10 or Windows Server Core machine and, crucially, working and available exploit code. The former should have been sorted by the emergency update being applied automatically, but that assumes every device at risk would have automatic updates enabled.
MORE FROM FORBES Microsoft Turns Bizarre To 11 With Fingerprint Scanning Headphones By Davey Winder
This is not the case, for a myriad of reasons, and leaves systems and data exposed.
Especially seeing as the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has just confirmed that it is aware of “publicly available and functional” proof of concept (PoC) exploit code.
What’s more, the CISA posting warns, “malicious cyber actors are targeting unpatched systems with the new PoC, according to recent open-source reports.”
The CISA has said that it “strongly recommends using a firewall to block SMB ports from the internet,” and that the application of patches and updates for such critical vulnerabilities should be applied as soon as possible.
I reached out to Microsoft, and a spokesperson provided the following statement: “We recommend customers install updates as soon as possible as publicly disclosed vulnerabilities have the potential to be leveraged by bad actors. An update for this vulnerability was released in March, and customers who have installed the updates, or have automatic updates enabled, are already protected.”
Microsoft’s security updates addressing SMBGhost in Windows 10 version 1909 and 1903 and Server Core for the same versions, can be found here .
—
Updated June 9 with a statement from Microsoft
- The Windows 10 April 2018 Update: Terrible name, sweet upgrade
- 5 tips to prepare your PC for Windows 10 April 2018 Update
- Microsoft is finally updating Notepad – here’s what’s changing
- Microsoft Is Officially Not the Windows Company Anymore
- Microsoft reveals second generation Surface Hub 2
- Leaked EU overhaul gives tech companies 10 days to share ‘e-evidence’ data with police
- Microsoft unveils new smaller Surface Go tablet – and it's surprisingly cheap
- Xbox Two release date news – multiple consoles confirmed at E3 2018, plus Xbox 2 rumours, specs, games and price
- Google and Microsoft confirm new CPU security flaw
- E-waste activist jailed for copying 'worthless' Windows disks
- Microsoft launching family of Xbox consoles codenamed Scarlett in 2020
- Don't Skype Me: How Microsoft Turned Consumers Against a Beloved Brand
- 3 changes coming to your Microsoft Office's Word, Outlook and Excel
- Azerbaijani ministry purchases 30,000 Microsoft licenses
- Microsoft Will Acquire Coding Site GitHub
- Xbox teases new hardware to be unveiled next month
- Transfer news live updates including latest from Arsenal, Liverpool and United
- Two buses collide in Luton leaving one man critically injured in hospital
Windows 10 Critical Exploit Now Confirmed, Months After Microsoft’s Emergency Update have 637 words, post on www.forbes.com at June 6, 2020. This is cached page on Auto News. If you want remove this page, please contact us.