Security News > 2020 > March > Microsoft releases patch for leaked SMBv3 RCE flaw
After the inadvertent leaking of details about a wormable Windows SMBv3 RCE flaw on Tuesday, Microsoft has rushed to release a patch.
The flaw affects Windows 10 and Windows Server installations, so admins who have those in their care are urged to implement the security updates right away.
"A network based attack can compromise any Windows computer that has file sharing enabled, whether that machine is just a standard desktop or a more robust file server," SophosLabs researchers have pointed out.
Finally, an inside attacker could exploit the flaw to give themselves SYSTEM privileges - after having gained code execution on the targeted machine.
The #SMB bug appears trivial to identify, even without the presence of a patch to analyze.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/Zgr2e4n7arw/
Related news
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Veeam RCE bug lets domain users hack backup servers, patch now (source)
- April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft (source)
- Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws (source)
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- Microsoft pitches pay-to-patch reboot reduction subscription for Windows Server 2025 (source)