Security News > 2020 > March > Microsoft patches wormable Windows 10 ‘SMBGhost’ flaw
In the case of the critical Windows 10 Server Message Block vulnerability left unpatched in March's otherwise bumper Windows Patch Tuesday update, the answer is two days.
That's how long it took Microsoft to change its mind about releasing a fix after news of the remote code execution flaw leaked in now-deleted vendor posts and word spread to customers.
To exploit the vulnerability against an SMB Server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 Server.
1.1 compression on servers and blocking port 445 using firewalls - Microsoft has now issued a patch, KB4551762.
The issue only affects 32/64-bit Windows 10 and Server versions 1903 and 1909 because earlier versions don't support the affected SMBv3.
News URL
https://nakedsecurity.sophos.com/2020/03/16/microsoft-patches-wormable-windows-10-smbghost-flaw/
Related news
- Microsoft ends support for Office apps on Windows 10 in October (source)
- Windows 10 KB5051974 update force installs new Microsoft Outlook app (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Windows 10 KB5049981 update released with new BYOVD blocklist (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
- Microsoft expands testing of Windows 11 admin protection feature (source)
- Microsoft starts force upgrading Windows 11 22H2, 23H3 devices (source)
- Microsoft fixes Office 365 apps crashing on Windows Server systems (source)
- Microsoft removes Assassin’s Creed Windows 11 upgrade blocks (source)
- Microsoft fixes Windows Server 2022 bug breaking device boot (source)