DHS Warns on New Exploit of Windows 10 VulnerabilityDHS Warns on New Exploit of Windows 10 Vulnerability
The vulnerability was patched in March, but a new proof of concept raises the stakes for organizations that haven't yet updated their software.
June 10, 2020
Organizations with unpatched Windows 10 systems in their inventory now have an extra-large target on their corporate backs. According to a new alert from the Cybersecurity and Infrastructure Security Agency (CISA), an agency of the Department of Homeland Security, the target is in the shape of CVE-2020-0796 due to new proof-of-concept exploit code posted to GitHub.
The vulnerability is in the Microsoft Server Message Block 3.1.1 (SMBv3) protocol, a protocol used to allow Windows to communicate with a variety of devices. The vulnerability exploit, called SMBGhost, could allow an attacker to execute arbitrary code on the targeted server. To make matters worse, the exploit is "wormable," meaning that it can use infected hosts to spread copies of the exploit across an organization's network.
Microsoft issued a patch for CVD-2020-0796 in March, but tens of thousands of Windows 10 computers remain unpatched around the world. The release of the proof of concept into the wild means that these unpatched systems have made their owners victims-in-waiting. The DHS and Microsoft each urge owners to update their systems immediately.
Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that "really bad day" in cybersecurity. Click for more information and to register.
About the Author(s)
You May Also Like
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingDec 12, 2023
SecOps & DevSecOps in the CloudDec 14, 2023
What's In Your Cloud?Jan 17, 2024
Everything You Need to Know About DNS AttacksJan 18, 2024
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
AI in Cybersecurity: Using artificial intelligence to mitigate emerging security risks
Building Immunity: The 2021 Healthcare and Pharmaceutical Industry Cyber Threat Landscape Report
Business Buyers Guide to Password Managers