Bonn, March 12, 2020. A vulnerability in the Microsoft product Windows enables malware to not only carry out targeted attacks but also to spread independently in affected IT networks in a worm-like manner. Since there is currently no patch available to close the security gap, the Federal Office for Information Security (BSI) considers it to be critical.
Use Microsoft's workaround
So far, Microsoft has only been able to provide a europe gambling data workaround that can be used to prevent the exploitation of the vulnerability on SMB servers. The workaround is not suitable for individual SMB clients, so completely disabling SMB should be considered for affected SMB clients (see below). A similar scenario led to the IT security incidents " WannaCry " and "NotPetya" in 2017.
The BSI is not aware of any active exploitation of the vulnerability so far. However, since the security gap has now become public knowledge, this could change in the short term.
The BSI therefore strongly recommends implementing the workaround described by Microsoft
(microsoft.com/en-US/security-guidance/advisory/ADV200005 ). In addition, a patch should be installed as soon as it is available. Access from the Internet to port 445/tcp used by SMB should always be blocked by the firewall .
For SMB clients of the affected Windows versions, a complete deactivation of SMB or a network-side blocking should be considered until the vulnerability is closed.
BSI warns of wormable vulnerability in Windows
-
hasan018542
- Posts: 179
- Joined: Sun Dec 22, 2024 4:53 am