Microsoft quickly releases patch for wormable SMB flaw

Flaw was leaked yesterday and fixed today

Microsoft sign attached to a building

Yesterday, Microsoft prematurely leaked details surrounding a pre-auth RCE Windows 10 vulnerability found in Microsoft Server Message Block 3.1.1 (SMBv3). Today, it has a patch to rectify the flaw.

Microsoft announced the release of the KB4551762 security update, which will repair the vulnerability that allowed attackers to exploit the remote code execution found in SMBv3 by sending a specially-crafted packet to the targeted SMBv3 server. Microsoft says it has not observed any attacks exploiting the vulnerability created by the Microsoft Server Message Block 3.1.1 (SMBv3) flaw. Still, it is advising everyone running Windows 10 version 1903 or 1909 install the update.

If you have a Windows 10 machine with version 1903 or 1909 or run Windows Server 1903/1909 and have automatic updates enabled, the latest patch has already been pushed to your device. If you manually install updates, you’ll want to download the newest update from the Microsoft Security Update Guide and apply it.

Microsoft also notes that you’ll need to install this update, even if you’ve “installed the security update released on March 10, 2020 or applied the workaround in Microsoft Security Advisory ADV200005.”

Featured Resources

Security analytics for your multi-cloud deployments

IBM Security QRadar SIEM solution brief

Download now

Five reasons to move to the cloud

Join the enterprises moving their workloads to the cloud

Download now

Architecting hybrid IT and edge for digital advantage

Why business leaders should consider a hybrid IT strategy

Download now

Six reasons to accelerate remote asset monitoring with AI

How to optimise resources, increase productivity, and grow profit margins with AI

Download now

Most Popular

How to build a CMS with React and Google Sheets
content management system (CMS)

How to build a CMS with React and Google Sheets

24 Feb 2021
Oxford University COVID lab falls victim to hackers
hacking

Oxford University COVID lab falls victim to hackers

26 Feb 2021
Npower shuts down app after hackers steal user data
hacking

Npower shuts down app after hackers steal user data

25 Feb 2021