Categories: News

Microsoft was forced to patch an RCE vulnerability

Microsoft patched an RCE vulnerability as an emergency. But this happened only after some security partners accidentally disclosed the Server Message Block (SMB) protocol.

The fix from Microsoft addresses a remote code execution vulnerability (RCE). This is because it could allow attackers to execute code on a victim’s server or client. So, analysts considered it to be very dangerous.

“To exploit the vulnerability against a server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 server. To exploit the vulnerability against a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it,” Microsoft explained. So, the new security update corrects the way the SMBv3 protocol handles these special requests. This, way, the company prevents any possibility that a potential attacker could execute code on victim’s server or client.

No interaction needed to spread

SophosLabs consider that the flaw, named SMBGhost, does not require user interaction to spread, so it’s wormable. In fact, WannaCry attackers exploited another such bug in 2017.

Although it did not scan for exposed clients, Kryptos Logic, a security vendor, claimed that about 48.000 servers are at risk right now because of the new vulnerability. So, this could be a very important breach.

In fact, Microsoft had to rush the patch the RCE vulnerability as some of its partners on the Microsoft Active Protection Program offered details on the vulnerability.

Also, its decision came just a few days after it managed to bust the dangerous Necurs botnets. They managed to disrupt it after years of efforts and different types of approaches. In order to do this, researchers performed forensic analysis and also reverse engineering, malware analysis or modules updates. Although it was a major event for Microsoft, it seems they did not have the chance to enjoy this achievement.

Laurentiu Titei

Laurentiu, a creative content writer, has been producing articles about technology for more than 10 years. He is interested in all the security and internet news and his mainstream media background helps make them readable for all kinds of users. Moreover, he grows the appropriate social media channels for websites.

Recent Posts

Digital Advertising practices, under the pressure of fines

Its digital advertising practices continue to bring troubles for Google. Two separate cases will go to court in the UK…

2 years ago

Advertising discrimination, addressed by huge companies

WPP, Delta Airlines, Kellogg and Mindshare take the issue of advertising discrimination seriously, in order to combat bias in digital…

2 years ago

Ad fraud might hit $100B, advertising companies worry

Ad fraud has become a very big issue for both users and the advertising agencies. Different forms of it might…

3 years ago

The ad-based business model: Would Facebook change it?

The Facebook lead architect of the ad-based business model leaves the company. Let's see how her move could affect company's…

3 years ago

Here it comes: New Meta privacy policy. Does it matter?

A new Meta privacy policy comes soon for the company's platforms. Users would be notified of the updates about how…

3 years ago

Advertising company: ”Our customers don’t like ads”

As its “customers don't like ads,” Evite, an American online party planner, decided to just close its advertising business, while…

3 years ago