Experts claim this important Windows security flaw could be as serious as WannaCry
A more serious vulnerability than EternalBlue existed in Windows for some time before it was finally discovered and patched, experts have revealed.
For those with shorter memories, EternalBlue is the NSA-built zero-day for Windows that gave birth to WannaCry, possibly the most destructive global ransomware threat ever to appear.
IBM researchers, who discovered the vulnerability, say it is even more powerful because it affects a wider range of network protocols, giving threat actors more flexibility when it comes to conducting attacks.
Three-month progress
The vulnerability, tracked as CVE-2022-37958, is not entirely new, as it was discovered – and patched – three months ago.
What is new is that no one – neither the researchers nor Microsoft, which released the patch – knew exactly how dangerous it was. In fact, it allows threat actors to run malicious code without authentication. Furthermore, it is wormable, allowing threat actors to trigger a chain reaction of self-replicating exploits on other vulnerable endpoints. In other words, malware that takes advantage of the vulnerability can spread across devices like wildfire.
Discussing the findings with Ars Technica, Valentina Palmiotti, the IBM security researcher who discovered the code execution vulnerability, said an attacker could trigger the vulnerability through “any Windows application protocol that authenticates”.
“For example, the vulnerability could be triggered by trying to connect to an SMB share or through Remote desktop. Some other examples include Microsoft IIS servers and SMTP servers exposed to the Internet with Windows Authentication enabled. Of course, they can also be exploited on internal networks if left unpatched.”
When Microsoft first patched it three months ago, it believed the vulnerability could only allow threat actors to get some sensitive information from the device and, therefore, labeled it as “critical”. Now, the company has revised its rating, labeling it “endangered”, with a severity score of 8.1.
Unlike EternalBlue, which was a zero-day vulnerability that left security experts and software manufacturers scrambling to build a fix, this vulnerability has had a patch available for three months, so its effect will be somewhat limited.
Via: Ars Technica