‘Wormable’ Windows 10 Flaw Accidentally Leaks Before Patch Is Ready
Microsoft has uncovered a new Windows 10 vulnerability that could unleash a computer worm on entire networks, and the company has not yet patched the bug.
The vulnerability, dubbed CVE-2020-0796, appears to have accidentally leaked to the public before Microsoft was ready with a fix. On Tuesday, security firms Cisco Talos and Fortinet jumped the gun and published advisories for the flaw, saying users could address the problem by downloading Microsoft’s newly released patches. However, no fix is currently available, forcing Talos and Fortinet to amend their posts.
With the cat out of the bag, Microsoft published an advisory to warn customers about the potential threat. The advisory includes several safeguards clients can take to make the flaw harder to exploit in a corporate network. Nevertheless, Microsoft is urging customers to install the patch once it becomes available.
Wormable flaws are serious because they open the door for malware to infect one vulnerable machine, and then another, leaving entire networks compromised and under the control of the hacker. This happened in 2017 with the WannaCry ransomware outbreak, which infected at least 200,000 older Windows machines due to a vulnerability in the operating system.
In the case of CVE-2020-0796, the flaw affects the latest Windows 10 versions, in addition to Windows Server version 1903. But the good news is that the vulnerability is less of a threat to consumer Windows 10 PCs. According to Microsoft, the flaw deals with the Microsoft Server Message Block 3.1.1 or SMBv3 protocol, which can let your machine share files or access the printer on a corporate network.
The company discovered that an “unauthenticated” attacker can send specially crafted packets to the SMBv3 protocol to manipulate the system into executing computer code, which could include malicious software. Microsoft’s advisory also suggests other Windows 10 PCs connected to the affected server could become compromised as well.
However, if you’re a user with a Windows 10 laptop that never uses the SMBv3 protocol, the chances of takeover are nil. According to Microsoft, the attacker would need to configure a malicious Windows SMBv3 server and then trick you into letting your PC connect to it.
The other reason the threat is low is that no technical details about the vulnerability have been released. Microsoft, Talos, and Fortinet only published bare-bones advisories describing the threat in general, not enough for a hacker to quickly weaponize the flaw.
Nevertheless, the security community is urging businesses to be aware of the threat, and the US Computer Emergency Readiness Team (CERT) is warning that there’s currently no “practical solution” to completely plugging the vulnerability without a patch from Microsoft.