Microsoft delivers emergency patch to fix wormable Windows 10 flaw
Microsoft on Thursday released an unscheduled fix for a critical security bug that makes it possible for attackers to remotely execute malicious code that can spread from vulnerable machine to vulnerable machine without requiring any interaction from users.
The flaw, in version 3 of Microsoft's implementation of the Server Message Block protocol, is present only in 32- and 64-bit Windows 10 versions 1903 and 1909 for clients and servers. Although the vulnerability is difficult to exploit in a reliable way, Microsoft and outside researchers consider it critical because it opens large networks to "wormable" attacks, in which the compromise of a single machine can trigger a chain reaction that causes all other Windows machines to quickly become infected. That's the scenario that played out with WannaCry and NotPetya in 2017.
In a bulletin accompanying Thursday's patch, Microsoft said it has no evidence the flaw is being actively exploited, but the company went on to label the bug as "exploitation more likely." That designation means malicious actors will probably develop and use exploits in the future.