Microsoft Issues Security Patch For “Wormable” SMBv3 Windows 10 Flaw
Microsoft has released a security patch for the recently disclosed remote code execution vulnerability in Server Message Block 3.1.1 (SMBv3) that affects the latest versions of Windows 10.
Microsoft first revealed details of the vulnerability by accident, then published them officially alongside the March 2020 Patch Tuesday release, which fixes 115 security holes.
The out-of-band security patch was rolled out on Thursday in the form of Windows Update KB4551762. It fixes the SMBv3 RCE vulnerability on Windows 10 1903 and 1909. It will be pushed to devices via Windows Update and other channels.
The vulnerability doesn’t affect older versions of Windows 10. It’s interesting to note that Windows 7, which recently reached end-of-life, isn’t affected by it either.
For the uninitiated, Microsoft SMB is a protocol for client-server communication that enables network sharing of files and printers. Exploiting the vulnerability allows an attacker to run arbitrary malicious code on affected machines.
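To check a machine against the update and releases named above, the following is an added example, not code from the article or from Microsoft. The function name, status labels and inventory rows are hypothetical; only KB4551762 and releases 1903 and 1909 come from the article.

```powershell
# Added example. Classifies a host by Windows 10 release and installed updates.
function Get-SmbV3PatchStatus {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [string]$ReleaseId = '',
        [string[]]$InstalledKb = @()
    )
    $affected = @('1903', '1909')   # releases the article names as fixed by the update
    $fixKb    = 'KB4551762'         # out-of-band update the article names

    if ($affected -notcontains $ReleaseId) {
        $status = 'NotListedAsAffected'
    } elseif ($InstalledKb -contains $fixKb) {
        $status = 'Patched'
    } else {
        # The KB is not listed. A later cumulative update can supersede it,
        # so treat this as "verify the patch level", not as proof of exposure.
        $status = 'NeedsReview'
    }

    [pscustomobject]@{
        ComputerName = $ComputerName
        ReleaseId    = $ReleaseId
        Status       = $status
    }
}

# Constructed inventory rows (host names and the KB0000001 entry are made up).
$inventory = @(
    @{ ComputerName = 'ws-01'; ReleaseId = '1909'; InstalledKb = @('KB4551762') }
    @{ ComputerName = 'ws-02'; ReleaseId = '1903'; InstalledKb = @('KB0000001') }
    @{ ComputerName = 'ws-03'; ReleaseId = '1809'; InstalledKb = @() }
)
foreach ($row in $inventory) { Get-SmbV3PatchStatus @row }

# Local host: release from the registry, installed updates from Get-HotFix.
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
Get-SmbV3PatchStatus -ComputerName $env:COMPUTERNAME -ReleaseId $cv.ReleaseId `
    -InstalledKb @((Get-HotFix).HotFixID)
```

On the constructed rows this reports ws-01 as Patched, ws-02 as NeedsReview and ws-03 as NotListedAsAffected.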
According to Jamie Hankins of the security firm Kryptos Logic, there are over 48,000 unpatched servers on the internet that could be compromised.
Furthermore, it was feared that the SMBv3 flaw, if not patched in time, might give rise to another WannaCry-style malware campaign.