Microsoft releases fix for the critical SMBv3 vulnerability- Patch now
John Greenwood
Posted On March 13, 2020
Microsoft has released a patch just two days after the Patch Tuesday for the SMBv3 vulnerability CVE-2020-0796. This vulnerability could allow attackers infect a computer inside of a network, and then spread to subsequent computers using the TCP port 445 automatically.
This remote code execution flaw impacts Windows 10 devices and affects the TCP port 445 which is by default used for file sharing, printer services and other communications within the network.
What is SMBv3 vulnerability?
The vulnerability lies in the Server Message Block (SMBv3) which would allow attackers to send a crafted malicious packet to the targeted SMBv3 server and lure the users to connect their machine to this server and subsequently the attacker could launch worms into the network thus affecting all the computers that are interconnected.
This vulnerability is similar to the EternalBlue vulnerability which was the reason behind the WannaCry and Petya attacks in 2017.
How to install this KB4551762 update?
Windows will automatically update your devices with this latest patch, while if in case you need the standalone update then visit the Windows Update Catalog website, and for Windows Server Update Services this update will automatically sync with WSUS once the admin configures the product as Windows 10, version 1903 and later with security updates as the classification.
Is you are an end user and have enabled automatic Windows updates this would be patches automatically, else please manually update your Windows before the SMB vulnerability gets exploited. Moreover, if you are a business please ensure you deploy these patches to all your Windows 10 devices including servers before it is too late. Though deploying a patch in the early stages could be troublesome, this is a critical wormable vulnerability and hence please ensure the patches are deployed to your systems right away.
Subscribe to ‘The Cybersecurity Times’, for daily alerts on cyber events. You can also follow us on Facebook, Linkedin, Instagram, Twitter and Reddit.
