Windows has a new wormable vulnerability, and there’s no patch in sight

 In Biz & IT, computer worms, exploits, microsoft, vulnerabilities, Windows

Windows has a new wormable vulnerability, and there’s no patch in sight

Serving the Technologist for more than a decade. IT news, reviews, and analysis.
Close-up photo of police-style caution tape stretched across an out-of-focus background.

Enlarge (credit: Michael Theis / Flickr)

Word leaked out on Tuesday of a new vulnerability in recent versions of Windows that has the potential to unleash the kind of self-replicating attacks that allowed the WannaCry and NotPetya worms to cripple business networks around the world.

The vulnerability exists in version 3.1.1 of the Server Message Block, the service that’s used to share files, printers, and other resources on local networks and over the Internet. Attackers who successfully exploit the flaw can execute code of their choice on both servers and end-user computers that use the vulnerable protocol, Microsoft said in this bare-bones advisory.

The flaw, which is tracked as CVE-2020-0796, affects Windows 10, versions 1903 and 1909 and Windows Server versions 1903 and 1909, which are relatively new releases that Microsoft has invested huge amounts of resources hardening against precisely these types of attacks. Patches aren’t available, and Tuesday’s advisory gave no timeline for one being released. Asked if there was a timeline for releasing a fix, a Microsoft representative said, “Beyond the advisory you linked, nothing else to share from Microsoft at this time.”

Read 15 remaining paragraphs | Comments

Critical bug in Microsoft’s SMBv3 implementation published under mysterious circumstances.

Recent Posts
Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Not readable? Change text. captcha txt