Security News > 2020 > March > Microsoft patches wormable Windows 10 ‘SMBGhost’ flaw
In the case of the critical Windows 10 Server Message Block vulnerability left unpatched in March's otherwise bumper Windows Patch Tuesday update, the answer is two days.
That's how long it took Microsoft to change its mind about releasing a fix after news of the remote code execution flaw leaked in now-deleted vendor posts and word spread to customers.
To exploit the vulnerability against an SMB Server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 Server.
1.1 compression on servers and blocking port 445 using firewalls - Microsoft has now issued a patch, KB4551762.
The issue only affects 32/64-bit Windows 10 and Server versions 1903 and 1909 because earlier versions don't support the affected SMBv3.
News URL
https://nakedsecurity.sophos.com/2020/03/16/microsoft-patches-wormable-windows-10-smbghost-flaw/
Related news
- Microsoft says it broke some Windows 10 patching – as it fixes flaws under attack (source)
- Microsoft: Windows 11 22H2 reaches end of support in 60 days (source)
- Microsoft is killing the Windows Paint 3D app after 8 years (source)
- Windows 10 KB5041580 update released with 14 fixes, security updates (source)
- Windows Server August updates fix Microsoft 365 Defender issue (source)
- Microsoft retires Windows updates causing 0x80070643 errors (source)
- Microsoft removes FAT32 partition size limit in Windows 11 (source)
- Microsoft to rollout Windows Recall to Insiders in October (source)
- Microsoft to roll out Windows Recall to Insiders in October (source)
- Microsoft: August updates cause Windows Server boot issues, freezes (source)