Security News > 2020 > March > Critical Patch Released for 'Wormable' SMBv3 Vulnerability — Install It ASAP!
Microsoft today finally released an emergency software update to patch the recently disclosed very dangerous vulnerability in SMBv3 protocol that could let attackers launch wormable malware, which can propagate itself from one vulnerable computer to another automatically.
The latest vulnerability, for which a patch update is now available on the Microsoft website, exists in the way SMBv3 protocol handles requests with compression headers, making it possible for unauthenticated remote attackers to execute malicious code on target servers or clients with SYSTEM privileges.
"To exploit the vulnerability against a server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 server. To exploit the vulnerability against a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it," Microsoft said in the advisory.
As of today, there are nearly 48,000 Windows systems vulnerable to the latest SMB compression vulnerability and accessible over the Internet.
Since a patch for the wormable SMBv3 flaw is now available to download for affected versions of Windows, it's highly recommended for home users and businesses to install updates as soon as possible, rather than merely relying on the mitigation.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/GMJQcPS83NM/patch-wormable-smb-vulnerability.html
Related news
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
- PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs and Patch Released (source)
- Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites (source)