Homeland Security: Hackers Targeting Windows 10 Vulnerability

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) released the warning last week.

Homeland Security: Hackers Targeting Windows 10 Vulnerability

U.S. cybersecurity officials are warning of a three-month-old Windows 10 vulnerability and proof-of-concept code that could allow a bad actor to execute code on a compromised machine.

Malicious cyber actors are targeting unpatched systems with the new proof of concept code, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) says in a warning.

CISA recommends using a firewall to block SMB ports from the internet and to apply patches to critical and high-severity vulnerabilities as soon as possible.

According to Forbes, Microsoft disclosed and provided updates for the vulnerability in March, but unpatched systems are being targeted with the new proof-of-concept code.

The vulnerability is called CVE-2020-0796, but it’s better known as SMBGhost, the publication says.

“CVE-2020-0796, better known today as SMBGhost, was thought so dangerous were it to be weaponized that it merited that rarest of common vulnerability scoring system (CVSS) ratings: a “perfect” 10. Microsoft was quick to act. It issued an emergency out of band fix within days,” reports Forbes. “SMBGhost is a fully wormable vulnerability that could enable remote and arbitrary code execution and, ultimately, control of the targeted system if a successful attack was launched. The vulnerability, in Microsoft’s Server Message Block 3.1.1, allows for a maliciously constructed data packet sent to the server to kick off the arbitrary code execution.”

However, if not every at-risk device was updated automatically, some machines are still exposed, according to Forbes.

“Such an attack would require both an unpatched and vulnerable Windows 10 or Windows Server Core machine and, crucially, working and available exploit code,” Forbes continues. “The former should have been sorted by the emergency update being applied automatically, but that assumes every device at risk would have automatic updates enabled. This is not the case, for a myriad of reasons, and leaves systems and data exposed.”

What IT administrators should do:

This article originally ran on our sister publication My TechDecisions.

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century

This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!

Leave a Reply

Your email address will not be published. Required fields are marked *

Get Our Newsletters
Campus Safety Conference promo