Emergency Windows 10 security patch – Update now
Microsoft has released a fix for a critical security issue that allows attackers to execute malicious code capable of spreading throughout networks without interaction from users.
The patch was rolled out because while the flaw isn’t easy to exploit reliably, it still opens up the possibility that big networks can be exploited by wormable attacks similar to the WannaCry exploit.
“A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client,” said Microsoft.
The update changes how these requests are handled, Microsoft added.
Security company Sophos provided further explanation of how the vulnerability works.
“The vulnerability involves an integer overflow and underflow in one of the kernel drivers. The attacker could craft a malicious packet to trigger the underflow and have an arbitrary read inside the kernel, or trigger the overflow and overwrite a pointer inside the kernel,” said Sophos.
“The pointer is then used as [a] destination to write data. Therefore, it is possible to get a write-what-where primitive in the kernel address space.”
This means that malicious parties, if they managed to exploit the flaw, would be able to access sensitive data and could also get access to a command shell – allowing them to take control of the computer.
Act now
If your computer runs Windows 10, it is recommended that you install this patch as soon as possible.
This is particularly crucial if your computer regularly uses network devices – as this would enable the malicious party to infect these other devices.
However, if you are unable to install the patch, other ways you can lessen the impact of this flaw include disabling SMB compression and blocking port 445 on your router.
Loading ...