
Microsoft issues emergency Windows 10 patch for leaked vulnerability

It disclosed the critical, "wormable" bug earlier than it wanted.

Microsoft has released an unscheduled patch for a security bug that it accidentally disclosed during the release of its March 2020 patch several days ago. While difficult to exploit, the vulnerability is "critical" because it could allow malicious code to spread automatically from one machine to another. By releasing the fix now, Microsoft aims to avoid the kind of chain-reaction scenario that played out with the WannaCry and NotPetya viruses in 2017.

The security hole exists in Microsoft's Server Message Block (SMB) protocol on recent 32- and 64-bit versions of Windows 10, on both the client and server sides. Researchers from Microsoft and elsewhere labeled it critical because the compromise of a single machine could lead to the compromise of others on the same network. Microsoft said that there's no evidence so far that the flaw is being actively exploited, but that exploitation is "more likely" than not in the future.

An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client. To exploit the vulnerability against a server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 server. To exploit the vulnerability against a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it.

Windows 10 has strong defenses that make that scenario unlikely, but motivated and skilled attackers could likely engineer successful attacks. To guard against that, users (especially those on networks) should install the KB4551762 security update as soon as possible or follow Microsoft's mitigation advice. Most folks should get the patch installed automatically via Windows Update.
