Homeland Security warns over ‘wormable’ Windows 10 bug
Homeland Security’s cybersecurity advisory unit is warning Windows 10 users to make sure that their systems are fully patched, after exploit code for a “wormable” bug was published online last week.
The code takes advantage of a security vulnerability patched by Microsoft back in March. The bug caused confusion and concern after details of the “critical”-rated bug were initially published but quickly pulled offline.
The exploit code, known as SMBGhost, exploits a bug in the server message block — or SMB — component that lets Windows talk with other devices, like printers and file servers. Once exploited, the bug gives the attacker unfettered access to a Windows computer to run malicious code, like malware or ransomware, remotely from the internet.
Worse, because the code is “wormable” it can spread across networks, similar to how the NotPetya and WannaCry ransomware attacks spread across the world, causing billions of dollars in damage.
Even though Microsoft published a patch months ago, tens of thousands of internet-facing computers are still vulnerable, prompting the advisory.
In the advisory, Homeland Security’s Cybersecurity and Infrastructure Security Agency said hackers are “targeting unpatched systems” using the new code and advise users to install updates immediately.
The researcher who published the code, a GitHub user who goes by the handle Chompie1337, said by their own admittance that their proof-of-concept code was “written quickly and needs some work to be more reliable,” but warned that the code, if used maliciously, could cause considerable damage.
“Using this for any purpose other than self education is an extremely bad idea. Your computer will burst in flames. Puppies will die,” said the researcher.
If you haven’t updated Windows recently, now would be a good time.
Homeland Security’s cybersecurity advisory unit is warning Windows 10 users to make sure that their systems are fully patched, after exploit code for a “wormable” bug was published online last week. The code takes advantage of a security vulnerability patched by Microsoft back in March. The bug caused confusion and…
Recent Posts
- Can brightening clouds buy us time to fight climate change?
- Max is coming to Europe in May, but UK viewers have a long wait on their hands
- The lock-in problem at the heart of the Apple monopoly lawsuit
- Meta sheds more light on how it is evolving Llama 3 training — it relies for now on almost 50,000 Nvidia H100 GPU, but how long before Meta switches to its own AI chip?
- You can get $50 in Samsung credit when you preorder the Music Frame
Archives
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011