This critical Windows security flaw could be as serious as WannaCry, experts claim
A patch is already available, so update Windows now
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
A vulnerability more serious than EternalBlue was sitting in Windows for some time, before being finally discovered and patched, experts have revealed.
For those with shorter memory, EternalBlue was an NSA-built zero-day for Windows which gave birth toWannaCry, possibly the most devastating globalransomwarethreat to ever emerge.
Researchers from IBM, which discovered the flaw, said that it was even more potent as it resided in a wider range of network protocols, giving threat actors more flexibility when conducting their attacks.
Three-month headway
The flaw, tracked as CVE-2022-37958, isn’t exactly new, as it was discovered - and patched - three months ago.
The news is that no one - not the researchers, notMicrosoftissuing the patch - knew exactly how dangerous it really was. In reality, it allows threat actors to run malicious code without the need for authentication. Furthermore, it’s wormable, allowing threat actors to trigger a chain reaction of self-multiplying exploits on other vulnerableendpoints. In other words, the malware abusing the flaw could spread across devices like wildfire.
Discussing the findings withArs Technica, Valentina Palmiotti, the IBM security researcher who discovered the code-execution vulnerability, said an attacker could trigger the vulnerability via “any Windows application protocol that authenticates.”
“For example, the vulnerability can be triggered by trying to connect to an SMB share or viaRemote Desktop. Some other examples include Internet exposed Microsoft IIS servers and SMTP servers that have Windows Authentication enabled. Of course, they can also be exploited on internal networks if left unpatched.”
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
NotPetya attack - three years on, what have we learned?>Ethical hackers show that Windows 10 isn’t immune to WannaCry>These are the best malware removal tools around
When Microsoft first patched it three months ago, it believed the flaw could only allow threat actors to grab some sensitive information from the device, and as such, labeled it as “important”. Now, the company amended the rating, labeling it as “critical”, with a severity score of 8.1.
Unlike EternalBlue, which was a zero-day and left security experts and software makers scrambling to build a fix, the patch for this flaw has been available for three months now, so its effects should be somewhat limited.
Via:Ars Technica
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
This new phishing strategy utilizes GitHub comments to distribute malware
Should your VPN always be on?
5 must-have Android apps
