Security News > 2020 > March > Microsoft Releases Patch for Wormable Bug That Threatens Corporate LANs

Microsoft Releases Patch for Wormable Bug That Threatens Corporate LANs
2020-03-11 17:13

UPDATE. Microsoft released an emergency out-of-band patch to fix a SMBv3 wormable bug on Thursday that leaked earlier this week.

On Wednesday Microsoft warned of a wormable, unpatched remote code-execution vulnerability in the Microsoft Server Message Block protocol - the same protocol that was targeted by the infamous WannaCry ransomware in 2017.

Microsoft issued its advisory only after details of the bug were published online by Cisco Talos and Fortinet.

"There are still too many unknowns to say how effective this wormable vulnerability could be; is it going to be as easy as EternalBlue to implement or will it have the same difficulties as BlueKeep?" Melick noted - the latter in reference to the wormable bug disclosed last year that some feared would lead to another WannaCry-level event.

In lieu of a patch, Microsoft on Wednesday noted that administrators can use PowerShell to disable SMBv3 compression, which will block unauthenticated attackers from exploiting the vulnerability against an SMBv3 server.


News URL

https://threatpost.com/wormable-unpatched-microsoft-bug/153632/?utm_source=rss&utm_medium=rss&utm_campaign=wormable-unpatched-microsoft-bug

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2819 161 4399