Windows 10 Hit by Security Flaw, Microsoft Releases Emergency Patch

The bug exists in the latest version of Window's server message block, known as SMB.

By Indo-Asian News Service | Updated: 13 March 2020 16:29 IST

Windows 10 Hit by Security Flaw, Microsoft Releases Emergency Patch

The fix is available as KB4551762, an update for Windows 10, versions 1903 and 1909

Highlights

Microsoft has released a Windows patch for a security vulnerability
It enabled attackers to transfer malicious codes
The bug exists in the latest version of Window's server message block

Microsoft has released a Windows patch for a security vulnerability that enabled attackers to transfer malicious code from one machine to another if they had the vulnerability without the knowledge of the users.

The fix is available as KB4551762, an update for Windows 10, versions 1903 and 1909, and Windows Server 2019, versions 1903 and 1909.

"Customers who have already installed the updates released on March 10, 2020 for the affected operating systems should install KB4551762 to be protected from this vulnerability," Microsoft said on Thursday.

The bug exists in the latest version of Window's server message block, known as SMB, which lets Windows communicate with devices, like printers and file servers, on the network and across the Internet.

"A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client," the company said in a statement.

The detail rated bug were released on Tuesday as part of the software giant's typical monthly release of security patches, what it calls Patch Tuesday.

"To exploit the vulnerability against a server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 server. To exploit the vulnerability against a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it," the company added.

The security update addresses the vulnerability by correcting how the SMBv3 protocol handles these specially crafted requests.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.