image credit: Pxhere

Microsoft delivers emergency patch to fix wormable Windows 10 flaw

March 12, 2020

Microsoft on Thursday released an unscheduled fix for a critical security bug that makes it possible for attackers to remotely execute malicious code that can spread from vulnerable machine to vulnerable machine without requiring any interaction from users.

The flaw, in version 3 of Microsoft’s implementation of the Server Message block protocol, is present only in 32- and 64-bit Windows 10 versions 1903 and 1909 for clients and servers. Although the vulnerability is difficult to exploit in a reliable way, Microsoft and outside researchers consider it critical because it opens large networks to “wormable” attacks, in which the compromise of a single machine can trigger a chain reaction that causes all other Windows machines to quickly become infected.

Read More on ArsTechnica