ComputersNews

Microsoft issues emergency Windows 10 patch for leaked vulnerability

Microsoft has released an unscheduled patch for a security bug that it accidentally disclosed during the release of its March 2020 patch several days ago. While difficult to exploit, the vulnerability is “critical” because it could allow malicious code to automatically spread from one machine to another. By releasing the fix now, Microsoft aims to avoid a chain reaction scenario that played out with the WannaCry and NotPetya viruses in 2017.

The security hole exists in Microsoft&aposs Server Message block (SMB) protocol on recent 32- and 64-bit versions of Windows 10 both on the client and server sides. Researchers from Microsoft and elsewhere labeled it critical because the compromise of a single machine could compromise others on the same network. Microsoft said that there&aposs no evidence so far that the flaw is being actively exploited, but said it&aposs “more likely” than not to happen in the future.

An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client. To exploit the vulnerability against a server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 server. To exploit the vulnerability against a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it.

Windows 10 has strong defenses that make that scenario unlikely, but motivated and skilled attackers could likely engineer successful attacks. To prevent against that, users (especially those on networks) should install the KB4551762 security update as soon as possible or follow Microsoft&aposs mitigation advice. Most folks should get the patch installed automatically via Windows Update.


Author: Steve Dent, @stevetdent
March 13, 2020

.
Source: Engadget

Related posts
AI & RoboticsNews

How Amex uses AI to increase efficiency: 40% fewer IT escalations, 85% travel assistance boost

AI & RoboticsNews

The tool integration problem that’s holding back enterprise AI (and how CoTools solves it)

AI & RoboticsNews

Beyond generic benchmarks: How Yourbench lets enterprises evaluate AI models against actual data

Cleantech & EV'sNews

Hyundai just unveiled its 'Dream Car' — but will it bring the funky Insteroid EV to life?

Sign up for our Newsletter and
stay informed!