Microsoft quickly releases patch for wormable SMB flaw
Flaw was leaked yesterday and fixed today
Yesterday, Microsoft prematurely leaked details surrounding a pre-auth RCE Windows 10 vulnerability found in Microsoft Server Message Block 3.1.1 (SMBv3). Today, it has a patch to rectify the flaw.
Microsoft announced the release of the KB4551762 security update, which will repair the vulnerability that allowed attackers to exploit the remote code execution found in SMBv3 by sending a specially-crafted packet to the targeted SMBv3 server. Microsoft says it has not observed any attacks exploiting the vulnerability created by the Microsoft Server Message Block 3.1.1 (SMBv3) flaw. Still, it is advising everyone running Windows 10 version 1903 or 1909 install the update.
If you have a Windows 10 machine with version 1903 or 1909 or run Windows Server 1903/1909 and have automatic updates enabled, the latest patch has already been pushed to your device. If you manually install updates, you’ll want to download the newest update from the Microsoft Security Update Guide and apply it.
Microsoft also notes that you’ll need to install this update, even if you’ve “installed the security update released on March 10, 2020 or applied the workaround in Microsoft Security Advisory ADV200005.”
The complete guide to changing your phone system provider
Optimise your phone system for better business resultsDownload now
Simplify cluster security at scale
Centralised secrets management across hybrid, multi-cloud environmentsDownload now
The endpoint as a key element of your security infrastructure
Threats to endpoints in a world of remote workingDownload now
2021 state of IT asset management report
The role of IT asset management for maximising technology investmentsDownload now