The SMB vulnerability
Remote Code executions can hit hard. Malicious code dumped by remote attackers can worm across the network to steal or encrypt for ransom. Preventing such attacks is possible only when nodes (computers in the network) are updated to the latest security measures. Thus, Microsoft released a Windows cumulative update called KB4551762, addressing a key vulnerability found in Windows 10’s Server Message Block (SMB) v 3.1.1. Server Message Block is a communication protocol widely used by nodes in a Windows network. This provides shared access for files, printers and serial ports within the network. This protocol is said to be having a vulnerability that may be exploited for wormable attacks. Further, it’s available in Windows 10 1903 and 1909 versions, thus, it needed to be patched immediately.
Could it be another WannaCry?
An attacker would leverage this vulnerability to run arbitrary code on PCs by connecting to a Windows machine over the SMB network port of 445/TCP. This gives him access to control all nodes in the network, thus stealing, erasing or encrypting the data for demanding a hefty ransom later. Analysts believe that this infected feature has the potential to turn into another EternalBlue attack like WannaCry. Not just PCs, but few servers too are vulnerable to this protocol. Analysts expect that over 48,000 servers could potentially be attached if not patched immediately. This vulnerability is tracked as CVE-2020-0796 and has a patch released by Microsoft already. Apply now.