Security News > 2020 > March > Out-of-Band Windows Updates Patch Wormable SMB Vulnerability
2020-03-12 19:23
Microsoft has released out-of-band updates for Windows to patch a critical remote code execution vulnerability in Server Message Block 3.0 that has been described as "Wormable."
The vulnerability, related to the way SMB 3.1.1 handles certain requests, can be exploited by an unauthenticated attacker to execute arbitrary code on SMB servers and clients.
The existence of the vulnerability was disclosed by Microsoft on Tuesday, when the company released its monthly security updates.
The weakness impacts Windows 10 and Windows Server versions 1903 and 1909.
Microsoft has not disclosed too many technical details about the vulnerability and a patch was not available until now for analysis.
News URL
Related news
- FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability (source)
- Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now (source)
- New Windows IPv6 Zero-Click Vulnerability (source)
- CISA Urges Federal Agencies to Patch Versa Director Vulnerability by September (source)
- SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access (source)
- APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262) (source)
- Fortra Issues Patch for High-Risk FileCatalyst Workflow Security Vulnerability (source)
- Week in review: Vulnerability allows Yubico security keys cloning, Patch Tuesday forecast (source)
- Progress Software Issues Patch for Vulnerability in LoadMaster and MT Hypervisor (source)
- Windows vulnerability abused braille “spaces” in zero-day attacks (source)