Security News > 2020 > March > Microsoft releases patch for leaked SMBv3 RCE flaw
After the inadvertent leaking of details about a wormable Windows SMBv3 RCE flaw on Tuesday, Microsoft has rushed to release a patch.
The flaw affects Windows 10 and Windows Server installations, so admins who have those in their care are urged to implement the security updates right away.
"A network based attack can compromise any Windows computer that has file sharing enabled, whether that machine is just a standard desktop or a more robust file server," SophosLabs researchers have pointed out.
Finally, an inside attacker could exploit the flaw to give themselves SYSTEM privileges - after having gained code execution on the targeted machine.
The #SMB bug appears trivial to identify, even without the presence of a patch to analyze.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/Zgr2e4n7arw/
Related news
- Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch (source)
- 'Patch yesterday': Zimbra mail servers under siege through RCE vuln (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft cleans up hot mess of Patch Tuesday preview (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- Microsoft SharePoint RCE bug exploited to breach corporate network (source)
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)