A researcher has published exploit code for a Microsoft Windows vulnerability that, when left unpatched, has the potential to spread from computer to computer with no user interaction.
So-called wormable security flaws are among the most severe, because the exploit of one vulnerable computer can start a chain reaction that rapidly spreads to hundreds of thousands, millions, or tens of millions of other vulnerable machines.
The WannaCry and NotPetya exploits of 2017, which caused worldwide losses in the billions and tens of billions of dollars respectively, owe their success to CVE-2017-0144, the tracking number for an earlier wormable Windows vulnerability.
Also key to the destruction was reliable code developed by and later stolen from the National Security Agency and finally published online.
Microsoft patched the flaw in March 2017, two months before the first exploit took hold.
Proof-of-concept exploit code for the new wormable Windows vulnerability was published on Monday by a GitHub user with the handle Chompie1337.
SMBGhost, the name given to the new Microsoft vulnerability, is likely not as easy for remote attackers to exploit, but its potential for wormable exploits and the slow rate of patching even critical security flaws have still stoked concerns among some security professionals.
The newly released exploit increases the chances of attackers developing worms that work remotely.
Two days later, Microsoft issued an unscheduled update that patched the vulnerability.
As the world learned from WannaCry and NotPetya, Windows users often wait months or longer to install critical software updates.