Microsoft has begun the roll-out of a Windows security patch to counter a vulnerability that enables attackers to transfer malicious code without the knowledge or permission of the users.
The fix is available in the KB4551762 update for Windows 10, versions 1903 and 1909.
Microsoft has said that any user who has already installed the March 10, 2020 update should install KB4551762 so that they are not affected by this vulnerability. The bug exists in the latest version of Windows' Server Message Block (SMB) protocol. SMB allows Windows to communicate with devices such as printers and file servers. These devices can be on servers, on the network, or on the internet.
‘A remote code execution vulnerability exists in the way SMB 3.1. (v3) protocol handles certain requests. A hacker who manages to exploit this vulnerability could gain the ability to execute code on the target server or client’, said Microsoft.
‘A hacker who tries to exploit the vulnerability against a server could send a specially crafted packet to a targeted SMBv3 server, whereas to exploit a client, he could do so by configuring a malicious SMBv3 server and convincing a user to connect to it’, added the company.
The security update addresses this vulnerability by correcting how the SMBv3 protocol handles the specially crafted requests.