Windows 10 wormable vulnerability emerges with no fix in sight


Microsoft's latest standard Patch Tuesday included an additional piece of information regarding a "wormable" vulnerability in Microsoft Server Message Block 3.0 (SMBv3) that would allow an attacker to go after Windows 10 and Windows Server users. Worst of all, it has yet to be patched (via Ars Technica).

This is reminiscent of the vector for the WannaCry and NotPetya attacks in 2017, but thankfully, in this case, the SMB 3.1.1 protocol is less widely distributed than the flawed SMB protocol exploited in those cases. Individual users are out of luck until a patch is available. Microsoft does, however, have a temporary solution for Windows Server users.

Microsoft SMB is used to share resources (files, printers, scanners, etc.) on local networks or over the internet. According to the Microsoft advisory: 

"To exploit the vulnerability against an SMB Server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 Server. To exploit the vulnerability against an SMB Client, an unauthenticated attacker would need to configure a malicious SMBv3 Server and convince a user to connect to it."

While there is no evidence of an exploit in the wild yet, this kind of attack can be carried out remotely, so Windows Server users should follow Microsoft's recommendation and disable SMBv3 compression until a patch is available. 

Sean Riley
