Warning — Unpatched Critical 'Wormable' Windows SMBv3 Flaw Disclosed
2020-03-11 05:27

Shortly after releasing its monthly batch of security updates, Microsoft late yesterday separately issued an advisory warning billions of its Windows users of a new critical, unpatched, and wormable vulnerability affecting the Server Message Block 3.0 network communication protocol.

It appears Microsoft originally planned to fix the flaw as part of its March 2020 Patch Tuesday update but, for some reason, pulled the plug at the last minute, which apparently did not stop a tech company from accidentally leaking the existence of the unpatched flaw.

"To exploit the vulnerability against an SMB Server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 Server," Microsoft disclosed in an advisory.

It's worth pointing out that the flaw impacts only Windows 10 version 1903, Windows 10 version 1909, Windows Server version 1903, and Windows Server version 1909.

It's possible more versions are affected as SMB 3.0 was introduced with Windows 8 and Windows Server 2012.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/FT9f_WS07qs/smbv3-wormable-vulnerability.html