Microsoft quickly releases patch for wormable SMB flaw

Yesterday, Microsoft prematurely leaked details surrounding a pre-auth RCE Windows 10 vulnerability found in Microsoft Server Message Block 3.1.1 (SMBv3). Today, it has a patch to rectify the flaw.

Microsoft announced the release of the KB4551762 security update, which will repair the vulnerability that allowed attackers to exploit the remote code execution found in SMBv3 by sending a specially-crafted packet to the targeted SMBv3 server. Microsoft says it has not observed any attacks exploiting the vulnerability created by the Microsoft Server Message Block 3.1.1 (SMBv3) flaw. Still, it is advising everyone running Windows 10 version 1903 or 1909 install the update.

If you have a Windows 10 machine with version 1903 or 1909 or run Windows Server 1903/1909 and have automatic updates enabled, the latest patch has already been pushed to your device. If you manually install updates, you’ll want to download the newest update from the Microsoft Security Update Guide and apply it.

Microsoft also notes that you’ll need to install this update, even if you’ve “installed the security update released on March 10, 2020 or applied the workaround in Microsoft Security Advisory ADV200005.”

Featured Resources

BCDR buyer's guide for MSPs

How to choose a business continuity and disaster recovery solution

Download now

The definitive guide to IT security

Protecting your MSP and your customers

Download now

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

Download now

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now