Microsoft’s New Wormable, Unpatched Bug in the SMB File-Sharing System
Microsoft, the Redmond, Washington-based software giant, has revealed that its latest update, the Windows Security Patch, has a new vulnerability with the potential for remote code execution. The flaw lies in the way the Microsoft Server Message Block (SMBv3) protocol handles certain requests, and it can unleash self-replicating attacks that could affect networks and businesses around the world.
Server Message Block, which handles requests for file sharing, printing and other local network resources over the Internet, can be exploited by cyber attackers, turning the vulnerable protocol into a means of causing dangerous levels of damage.
A noted security firm described the vulnerability under the heading "SMB Server Compression Transform Header Memory Corruption". As described, the vulnerability is an error in the way the software handles a maliciously crafted compressed data packet. It can be exploited remotely by an unauthenticated attacker.
Another expert noted that the same protocol was used by WannaCry, the infamous ransomware, in 2017. The potential for propagation over SMB is a dangerous and real risk that can be exploited for unscrupulous purposes.
The need to curb SMB traffic from outside the network is very real, but quite impractical in the real world, noted one head of security. In environments that are hard to control, healthcare for instance, it is therefore important to block it as much as one can.
Security engineers at Digital Shadows also said that “disabling the SMB version 3 file compression is the only way to mitigate it right now”. In such cases, best security practices need to be followed, such as disabling unnecessary services, blocking ports at the firewall level, and ensuring that host-based measures are in place to stop any users without administrative access from modifying or changing security controls.
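The mitigations named above (disabling SMBv3 compression and blocking the SMB port at the firewall) can be audited and applied on a Windows host as follows. This is an added example, not taken from the article or from Microsoft; the registry value is the one Microsoft documents for disabling SMBv3 compression on the server side, and the firewall rule name is a constructed placeholder.

```powershell
# Added example. Run in an elevated PowerShell session.
# Without -Apply the script only reports the current state.
param([switch]$Apply)

# Server-side setting that turns off SMBv3 compression.
$Key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$Name = 'DisableCompression'
# Constructed display name for the firewall rule this script manages.
$RuleName = 'Block inbound SMB TCP 445 (public profile)'

function Test-CompressionDisabled {
    # True only when the value exists and is set to 1.
    $p = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    return ($null -ne $p) -and ($p.$Name -eq 1)
}

function Test-PublicSmbBlocked {
    # True when an enabled block rule with our display name exists.
    $rules = @(Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Block' })
    return $rules.Count -gt 0
}

if ($Apply) {
    if (-not (Test-CompressionDisabled)) {
        # Takes effect without a reboot.
        Set-ItemProperty -Path $Key -Name $Name -Type DWord -Value 1 -Force
    }
    if (-not (Test-PublicSmbBlocked)) {
        # Host-based block of inbound SMB on networks classified as Public.
        New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
            -LocalPort 445 -Profile Public -Action Block | Out-Null
    }
}

# Is the SMB service reachable on this host at all?
$listening = @(Get-NetTCPConnection -LocalPort 445 -State Listen `
    -ErrorAction SilentlyContinue).Count -gt 0

# One row per host, suitable for collecting across a fleet.
[pscustomobject]@{
    ComputerName         = $env:COMPUTERNAME
    Port445Listening     = $listening
    CompressionDisabled  = Test-CompressionDisabled
    PublicInboundBlocked = Test-PublicSmbBlocked
}
```

The registry setting covers the SMB server role only; it does not protect a machine acting as an SMB client, so perimeter blocking of TCP 445 is still needed.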
The founder of a leading open-source software company also said that SMB should only in the rarest of cases be allowed to access the internet. It is vulnerable to cyberattacks and exploitation, as it is extremely common for an IT executive to set up a service like SMB improperly or hurriedly, exposing it to vulnerabilities. The remote execution vulnerability also poses a threat of greater severity than most. As the SMB protocol is old and has seen many such attacks, it becomes a liability. In light of this issue, Microsoft made a statement saying that it will fix the bug in upcoming updates and ensure stricter measures are taken while setting up SMB over public networks or open Wi-Fi.