Microsoft has released a Windows patch for a security vulnerability that was prematurely disclosed earlier this week.
Details of the “critical”-rated bug were released on Tuesday as part of the software giant’s typical monthly release of security patches, what it calls Patch Tuesday. The bug exists in the latest version of Windows’ server message block, known as SMB, which lets Windows communicate with devices, like printers and file servers on the network and across the internet.
The security update addresses the vulnerability by correcting how the SMBv3 protocol handles these specially crafted requests.
A successful exploit of the SMB bug could allow an attacker to remotely run malicious code on any vulnerable computer.
Jamie Hankins, Head of Security and Threat Intelligence Research at Kryptos Logic, said some 48,000 internet-connected unpatched servers are vulnerable to exploitation. But the figure is likely to be far greater, as it doesn’t take into account all of the other vulnerable computers connected to those unpatched servers.
News of the bug prompted fears that attackers could launch “wormable” attacks that spread rapidly across networks, like the WannaCry attack in 2017. Now two days later, Microsoft has patches to fix the vulnerability for Windows 10 and Windows Server 2019, versions 1903 and 1909.
It’s not clear exactly what led to the inadvertent disclosure. Researchers at security firm Fortinet and Cisco released blog posts describing the vulnerability, but later removed references to the bug.
The patches are available through the typical update mechanisms, including Windows Update.
Customers who have already installed the updates released on March 10, 2020 for the affected operating systems should install KB4551762 to be protected from this vulnerability," Microsoft said on Thursday.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.