Security News

Microsoft has released an out-of-band emergency patch for a wormable remote-code execution hole in SMBv3, the Windows network file system protocol. The SMB bug fix was a late addition to Microsoft's March edition of Patch Tuesday - after the security hole was accidentally disclosed by the Cisco Talos research team in a blog post recapping this month's updates: Cisco thought Microsoft had fixed the bug this week as part of March's Patch Tuesday, and alerted the world to the bug's presence to get people to install their updates.

Microsoft has released out-of-band updates for Windows to patch a critical remote code execution vulnerability in Server Message Block 3.0 that has been described as "Wormable." The vulnerability, related to the way SMB 3.1.1 handles certain requests, can be exploited by an unauthenticated attacker to execute arbitrary code on SMB servers and clients.

After the inadvertent leaking of details about a wormable Windows SMBv3 RCE flaw on Tuesday, Microsoft has rushed to release a patch. The flaw affects Windows 10 and Windows Server installations, so admins who have those in their care are urged to implement the security updates right away.

Microsoft today finally released an emergency software update to patch the recently disclosed very dangerous vulnerability in SMBv3 protocol that could let attackers launch wormable malware, which can propagate itself from one vulnerable computer to another automatically. The latest vulnerability, for which a patch update is now available on the Microsoft website, exists in the way SMBv3 protocol handles requests with compression headers, making it possible for unauthenticated remote attackers to execute malicious code on target servers or clients with SYSTEM privileges.

Microsoft today finally released an emergency software update to patch the recently disclosed very dangerous vulnerability in SMBv3 protocol that could let attackers launch wormable malware, which can propagate itself from one vulnerable computer to another automatically. The latest vulnerability, for which a patch update is now available on the Microsoft website, exists in the way SMBv3 protocol handles requests with compression headers, making it possible for unauthenticated remote attackers to execute malicious code on target servers or clients with SYSTEM privileges.

Microsoft fixed bugs across a range of products on March's Patch Tuesday, releasing patches for 115 distinct CVEs, with 26 rated critical. The critical bug that cropped up in the most CVEs was in ChakraCore, the scripting engine that handles just-in-time compilation for its browsers.

UPDATE. Microsoft released an emergency out-of-band patch to fix a SMBv3 wormable bug on Thursday that leaked earlier this week. On Wednesday Microsoft warned of a wormable, unpatched remote code-execution vulnerability in the Microsoft Server Message Block protocol - the same protocol that was targeted by the infamous WannaCry ransomware in 2017.

Microsoft today released security updates to fix a total of 115 new security vulnerabilities in various versions of its Windows operating system and related software-making March 2020 edition the biggest ever Patch Tuesday in the company's history. Of the 115 bugs spanning its various products - Microsoft Windows, Edge browser, Internet Explorer, Exchange Server, Office, Azure, Windows Defender, and Visual Studio - that received new patches, 26 have been rated as critical, 88 received a severity of important, and one is moderate in severity.

Microsoft today released security updates to fix a total of 115 new security vulnerabilities in various versions of its Windows operating system and related software-making March 2020 edition the biggest ever Patch Tuesday in the company's history. Of the 115 bugs spanning its various products - Microsoft Windows, Edge browser, Internet Explorer, Exchange Server, Office, Azure, Windows Defender, and Visual Studio - that received new patches, 26 have been rated as critical, 88 received a severity of important, and one is moderate in severity.

Microsoft Corp. today released updates to plug more than 100 security holes in its various Windows operating systems and associated software. If youuse Windows, please take a moment to read this post, backup your system(s), and patch your PCs. All told, this patch batch addresses at least 115 security flaws.