Microsoft revealed its fix for a vulnerability in the SMBv3 protocol earlier than it originally thought after the bug was accidentally leaked online.
The fix is now available as an update for Windows 10 (versions 1903 and 1909) and Windows Servers 2019 (versions 1903 and 1909).
This update resolves the vulnerability, tracked as CVE-2020-0796, which exists as a protocol for sharing files, printers, and other resources on local area networks and networks called Server Message Block (SMB).
- Microsoft does not make Azure Realms available to everyone
- Raccoon malware affects all browsers
- Also check out the best malware remove tools
If used, the bug could allow an attacker to connect to remote systems that have SMB services enabled and run malicious code with system privileges.
Lack of SMB Spirit
As a result of a misunderstanding between Microsoft and some antivirus vendors, details of the bug leaked to the internet before they were released. Antivirus firms noted at the time that the bug could become a weapon as attackers develop self-propagating SMB worms with similar capabilities to the WannaCry and NotPetya ransomware strains.
Microsoft originally planned not to release fixes for the bug this month, but the software giant was forced to do so after the news leaked online.
A recently released patch comes out once in a while, as some researchers were able to develop a basic proof-of-concept demo to show how this vulnerability could be exploited to crash vulnerable machines.
It is strongly recommended that users of any of the listed versions of Windows 10 and Windows Server 2019 install the patch right away, but if you can do so, Microsoft has released a security advisory containing detailed mitigation tips.
- Keep your devices protected by the best antivirus software
Through ZDNet website