Homeland Security advises Windows 10 users to install the latest version of the operating system as soon as possible, after a critical vulnerability was found. The bug is ‘wormable’, which makes it easy for malware that exploits it to spread.
Microsoft published a patch in mid-March that should fix the bug. The tech giant initially published details of the critical bug but later took them offline. This raised questions within the community and left users concerned. Affected systems that have not installed the patch (Windows 10 and Windows Server 2019, versions 1903 and 1909) are at additional risk.
The vulnerability is said to be in Server Message Block (SMB), the protocol that Windows uses to communicate with other devices such as printers. By exploiting the vulnerability (SMBGhost), hackers can run malware and ransomware remotely and uninterrupted on an affected PC. Since the attack can spread across a network, entire systems could be shut down, as happened in the past with the WannaCry ransomware.
Last week, a script appeared on GitHub that uses the bug to take over an entire network. Homeland Security seized the opportunity to publicly highlight the need to update Windows.
The user who published the script on GitHub admitted that their proof-of-concept code was “written quickly and needs some work to be more reliable”, but if used maliciously, it could cause considerable damage.