Security News > 2020 > March > Microsoft patches wormable Windows 10 ‘SMBGhost’ flaw
In the case of the critical Windows 10 Server Message Block vulnerability left unpatched in March's otherwise bumper Windows Patch Tuesday update, the answer is two days.
That's how long it took Microsoft to change its mind about releasing a fix after news of the remote code execution flaw leaked in now-deleted vendor posts and word spread to customers.
To exploit the vulnerability against an SMB Server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 Server.
1.1 compression on servers and blocking port 445 using firewalls - Microsoft has now issued a patch, KB4551762.
The issue only affects 32/64-bit Windows 10 and Server versions 1903 and 1909 because earlier versions don't support the affected SMBv3.
News URL
https://nakedsecurity.sophos.com/2020/03/16/microsoft-patches-wormable-windows-10-smbghost-flaw/
Related news
- Microsoft to remove the Location History feature in Windows (source)
- Microsoft testing fix for Windows 11 bug breaking SSH connections (source)
- Microsoft launches ad-supported Office apps for Windows users (source)
- Microsoft tests ad-supported Office apps for Windows users (source)
- Windows 10 KB5052077 update fixes broken SSH connections (source)
- Microsoft fixes Outlook drag-and-drop broken by Windows updates (source)
- Microsoft lifts Windows 11 update block for some AutoCAD users (source)
- Microsoft replacing Remote Desktop app with Windows App in May (source)
- Windows 10 KB5053606 update fixes broken SSH connections (source)
- Microsoft: Recent Windows updates make USB printers print random text (source)