Microsoft quickly releases patch for wormable SMB flaw

Flaw was leaked yesterday and fixed today

Yesterday, Microsoft prematurely leaked details surrounding a pre-auth RCE Windows 10 vulnerability found in Microsoft Server Message Block 3.1.1 (SMBv3). Today, it has a patch to rectify the flaw.

Microsoft announced the release of the KB4551762 security update, which will repair the vulnerability that allowed attackers to exploit the remote code execution found in SMBv3 by sending a specially-crafted packet to the targeted SMBv3 server. Microsoft says it has not observed any attacks exploiting the vulnerability created by the Microsoft Server Message Block 3.1.1 (SMBv3) flaw. Still, it is advising everyone running Windows 10 version 1903 or 1909 install the update.

If you have a Windows 10 machine with version 1903 or 1909 or run Windows Server 1903/1909 and have automatic updates enabled, the latest patch has already been pushed to your device. If you manually install updates, you’ll want to download the newest update from the Microsoft Security Update Guide and apply it.

Microsoft also notes that you’ll need to install this update, even if you’ve “installed the security update released on March 10, 2020 or applied the workaround in Microsoft Security Advisory ADV200005.”

Featured Resources

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Simplify cluster security at scale

Centralised secrets management across hybrid, multi-cloud environments

Download now

The endpoint as a key element of your security infrastructure

Threats to endpoints in a world of remote working

Download now

2021 state of IT asset management report

The role of IT asset management for maximising technology investments

Download now

Most Popular

Microsoft CEO warns of video call fatigue
video conferencing

Microsoft CEO warns of video call fatigue

7 Oct 2020
IBM updates Cloud Pak with ‘industry-first’ security tools
Security

IBM updates Cloud Pak with ‘industry-first’ security tools

14 Oct 2020
Raspberry Pi Compute Module 4 launches with PCIe support
Hardware

Raspberry Pi Compute Module 4 launches with PCIe support

19 Oct 2020