Security News > 2020 > March > Out-of-Band Windows Updates Patch Wormable SMB Vulnerability

Microsoft has released out-of-band updates for Windows to patch a critical remote code execution vulnerability in Server Message Block 3.0 that has been described as "Wormable."
The vulnerability, related to the way SMB 3.1.1 handles certain requests, can be exploited by an unauthenticated attacker to execute arbitrary code on SMB servers and clients.
The existence of the vulnerability was disclosed by Microsoft on Tuesday, when the company released its monthly security updates.
The weakness impacts Windows 10 and Windows Server versions 1903 and 1909.
Microsoft has not disclosed too many technical details about the vulnerability and a patch was not available until now for analysis.
News URL
Related news
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- New Windows zero-day leaks NTLM hashes, gets unofficial patch (source)
- CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) (source)
- Microsoft Patches 125 Flaws Including Actively Exploited Windows CLFS Vulnerability (source)
- PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware (source)
- WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401) (source)
- Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’ (source)
- April's Patch Tuesday leaves unlucky Windows Hello users unable to login (source)
- Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) (source)