New “Wormable” Bug Discovered in Windows 10

Windows 10 users have been urged once again to ensure that their systems are updated and properly protected with the latest security patches following the discovery of a dangerous new vulnerability. This comes via Tech Radar.

This new warning emanates from US Homeland Security, whose cybersecurity advisory unit has discovered exploit code for a wormable bug online. The Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) is now urging all Windows 10 users to patch and update their systems immediately to ensure they stay safe from the vulnerability.

The bug itself was discovered in a GitHub post: an exploit that targets a known security flaw in the Server Message Block (SMB) tool, which allows Windows to communicate with other devices, including appliances such as file servers and printers.


The researcher who discovered the code, who goes by the handle ‘Champie1337’, said that their proof-of-concept code was quickly written, and may be shoddy, but it proves that a serious danger exists within the exploit.

Once deployed, the bug, known as SMBGhost, can allow an attacker complete access to the target computer to download and run malicious code remotely. Because SMBGhost is “wormable,” it can then spread to other devices connected to the same network, allowing it to propagate fast.

Microsoft already issued a patch earlier this year to quickly block the critical-rated flaw, but the company caused confusion after its warnings and findings were taken offline shortly after being put up.

CISA has further warned that due to this discrepancy on Microsoft’s part, thousands of connected PCs and laptops could still be vulnerable to the exploit. “CISA strongly recommends using a firewall to block SMB ports from the internet and to apply patches to critical- and high-severity vulnerabilities as soon as possible.”

Edited by Luis Monzon