Microsoft's latest standard Patch Tuesday included an additional piece of information regarding a "wormable" vulnerability in Microsoft Server Message Block 3.0 (SMBv3) that would allow an attacker to go after Windows 10 and Windows Server users. Worst of all, it has yet to be patched (via Ars Technica).
This is reminiscent of the vector for the WannaCry and NotPetya attacks in 2017, but thankfully, in this case, the SMB 3.1.1 protocol is less widely distributed than the flawed SMB protocol exploited in those cases. Individual users are out of luck until a patch is available. Thankfully, Microsoft has a temporary solution for Windows Server users.
Microsoft SMB is used to share resources (files, printers, scanners, etc.) on local networks or over the internet. According to the Microsoft advisory:
"To exploit the vulnerability against an SMB Server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 Server. To exploit the vulnerability against an SMB Client, an unauthenticated attacker would need to configure a malicious SMBv3 Server and convince a user to connect to it."
While there is no evidence of an exploit in the wild yet, this kind of attack can be carried out remotely, so Windows Server users should follow Microsoft's recommendation and disable SMBv3 compression until a patch is available.
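One way to apply and verify that workaround on a Windows Server, as an added example that is not part of the original article: the function names are hypothetical, and the script assumes the server-side `DisableCompression` value under the LanmanServer parameters key, which is the setting that turns SMBv3 compression off.

```powershell
# Added example: audit, apply and roll back the server-side
# "disable SMBv3 compression" workaround. Run from an elevated prompt.
# Function names are hypothetical (not from the article).

$ParamsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$ValueName = 'DisableCompression'   # assumed setting: 1 = compression off

function Get-SmbCompressionState {
    # 'Disabled' means the workaround is in place; a missing value or 0 means 'Enabled'.
    $item = Get-ItemProperty -Path $ParamsKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -ne $item -and $item.$ValueName -eq 1) { 'Disabled' } else { 'Enabled' }
}

function Disable-SmbCompression {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if ((Get-SmbCompressionState) -eq 'Disabled') {
        Write-Verbose 'SMBv3 compression is already disabled; nothing to do.'
        return
    }
    if ($PSCmdlet.ShouldProcess($ParamsKey, "Set $ValueName = 1")) {
        Set-ItemProperty -Path $ParamsKey -Name $ValueName -Type DWord -Value 1 -Force
    }
}

function Enable-SmbCompression {
    # Rollback for use once the vendor patch is installed.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if ($PSCmdlet.ShouldProcess($ParamsKey, "Set $ValueName = 0")) {
        Set-ItemProperty -Path $ParamsKey -Name $ValueName -Type DWord -Value 0 -Force
    }
}

# Report the state, preview the change, apply it, then confirm the result.
"Before: SMBv3 compression is $(Get-SmbCompressionState) on $env:COMPUTERNAME"
Disable-SmbCompression -WhatIf
Disable-SmbCompression -Verbose
"After:  SMBv3 compression is $(Get-SmbCompressionState) on $env:COMPUTERNAME"
```

This setting covers only the SMB server side; it does not change what happens when a client connects to a malicious SMBv3 server, the second scenario in the advisory quote.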
Sean Riley has been covering tech professionally for over a decade now. Most of that time was as a freelancer covering varied topics including phones, wearables, tablets, smart home devices, laptops, AR, VR, mobile payments, fintech, and more. Sean is the resident mobile expert at Laptop Mag, specializing in phones and wearables; you'll find plenty of news, reviews, how-to, and opinion pieces on these subjects from him here. But Laptop Mag has also proven a perfect fit for that broad range of interests with reviews and news on the latest laptops, VR games, and computer accessories along with coverage on everything from NFTs to cybersecurity and more.