Microsoft has urged Windows 10 users to apply an emergency critical security update
Just days after the monthly Patch Tuesday swathe of Windows security updates was released, Microsoft has issued an emergency "out of band" update for Windows 10 users in response to the leaking of a critical vulnerability.
Microsoft has urged Windows 10 users to "take action" as the out of band security update for CVE-2020-0796 is released. The critical vulnerability, named SMBGhost or EternalDarkness by various security vendors, is both wormable and affects the Server Message Block (SMB) network communications protocol. Yes, the protocol that enables shared access to your files and printers as well as serial ports. And, yes, the same SMB protocol that was exploited by the NSA-developed EternalBlue to such devastating effect during the WannaCry attacks in 2017.
Kieran Roberts, head of penetration testing at Bulletproof, said at the time of the leak that "SMB is the protocol used for sharing files, this is the same protocol that was vulnerable to the EternalBlue (CVE-2017-0144) exploit back which was weaponized into the WannaCry ransomware. It appears that this new vulnerability has several of the same hallmarks as EternalBlue. This means that this new vulnerability could result in a resurgence of ransomware attacks such as WannaCry and NotPetya, which both used the very similar EternalBlue exploit."
The reason that SMBGhost was disclosed would seem to be a miscommunication in the patching and disclosure process that led to some vendors thinking CVE-2020-0796 would have a fix included in the Patch Tuesday updates. They then accidentally published details of it in their update round-up blogs. Although those disclosures were quickly removed, details rapidly spread across social media, especially within the online Infosecurity community.
As I reported on March 11, the vulnerability sits in the SMB 3.0 network communication protocol and, if successfully exploited, could enable an attacker to execute arbitrary code remotely and potentially take control of the system. Microsoft said that it had not yet "observed an attack exploiting this vulnerability," but recommended that users "apply this update to your affected devices with priority." There have, however, already been proof-of-concept exploits developed by security researchers, which likely means it is only a matter of time, and a very short period of time at that, before unpatched systems start being exploited by attackers.
The good news for Windows 10 users is, assuming you have automatic updates enabled, no further action will be required as the system will apply the patch to protect against any exploit of this critical vulnerability. However, if automatic updates are disabled, then you will need to update manually and as soon as possible. Microsoft said that it's important to note that the KB4551762 update needs to be applied even if you installed the Patch Tuesday updates. Likewise, if you implemented the workaround measures to disable SMBv3 compression in Microsoft Security Advisory ADV200005, you still need to install this out of band update. If you cannot apply the update, then that workaround is still recommended for organization admins who should also block TCP port 445 at the network perimeter. Everyone else should use Windows Update to check for updates and kick-start the installation process if required or download the KB4551762 update patch directly from the Microsoft update catalog.
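For admins who want to confirm where a machine stands, the following PowerShell audit is an added example, not code from Microsoft or from the original article. It checks for KB4551762, for the ADV200005 compression workaround, and for a listener on TCP port 445; the function name and verdict strings are hypothetical, and the registry value is the one used by the ADV200005 workaround, which this page does not reproduce.

```powershell
# Added example: audit the local host for the CVE-2020-0796 mitigations discussed above.
# Assumes an elevated Windows PowerShell 5.1+ session on the machine being checked.
function Get-SmbGhostStatus {          # hypothetical helper name
    [CmdletBinding()]
    param([string]$KbId = 'KB4551762') # KB number taken from the article

    # 1. Is the out-of-band update installed? A later cumulative update can
    #    supersede it, so a miss means "check further", not proof of exposure.
    $hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue

    # 2. Is the ADV200005 workaround in place? DisableCompression = 1 turns off
    #    SMBv3 compression on the SMB *server* side only; it does not protect
    #    the SMB client, which is why the update is still required.
    $regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $reg = Get-ItemProperty -Path $regPath -Name DisableCompression -ErrorAction SilentlyContinue
    $compressionDisabled = ($null -ne $reg) -and ($reg.DisableCompression -eq 1)

    # 3. Is this host accepting SMB connections on TCP 445 at all?
    $listeners = @(Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue)
    $listening = $listeners.Count -gt 0

    # Verdict strings are constructed for this example.
    $verdict = if ($hotfix) {
        'UpdateInstalled'
    } elseif ($compressionDisabled) {
        'WorkaroundOnly-InstallUpdate'
    } elseif ($listening) {
        'NoUpdateOrWorkaroundFound-SMBListening'
    } else {
        'NoUpdateOrWorkaroundFound-SMBNotListening'
    }

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        UpdateInstalled     = [bool]$hotfix
        CompressionDisabled = $compressionDisabled
        ListeningOn445      = $listening
        Verdict             = $verdict
    }
}

Get-SmbGhostStatus | Format-List
```

A result of `WorkaroundOnly-InstallUpdate` matches the case the article describes: the workaround is set, but the out of band update still needs to be installed.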
The following versions of Windows 10 are impacted by this vulnerability:
And also: