Security News > 2020 > March > Microsoft Releases Patch for Wormable Bug That Threatens Corporate LANs
UPDATE. Microsoft released an emergency out-of-band patch to fix a SMBv3 wormable bug on Thursday that leaked earlier this week.
On Wednesday Microsoft warned of a wormable, unpatched remote code-execution vulnerability in the Microsoft Server Message Block protocol - the same protocol that was targeted by the infamous WannaCry ransomware in 2017.
Microsoft issued its advisory only after details of the bug were published online by Cisco Talos and Fortinet.
"There are still too many unknowns to say how effective this wormable vulnerability could be; is it going to be as easy as EternalBlue to implement or will it have the same difficulties as BlueKeep?" Melick noted - the latter in reference to the wormable bug disclosed last year that some feared would lead to another WannaCry-level event.
In lieu of a patch, Microsoft on Wednesday noted that administrators can use PowerShell to disable SMBv3 compression, which will block unauthenticated attackers from exploiting the vulnerability against an SMBv3 server.
News URL
Related news
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- February's Patch Tuesday sees Microsoft offer just 63 fixes (source)
- Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)