News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • A March security patch, for CVE-2020-0796, gets a publicly available proof of concept

    Posted on June 5th, 2020 at 13:42 woody Comment on the AskWoody Lounge

    If you haven’t yet installed the March or April or May security patches, time to get cookin’.

    Ionut Ilascu at Bleeping Computer just reported on a publicly available exploit for the SMB security hole.

    Working exploit code that achieves remote code execution on Windows 10 machines is now publicly available for CVE-2020-0796, a critical vulnerability in Microsoft Server Message Block (SMB 3.1.1)… Known by various names (SMBGhost, CoronaBlue, NexternalBlue, BluesDay), the security flaw can be leveraged by an unauthenticated attacker to spread malware from one vulnerable system to another without user interaction.

    I don’t see anything out in the wild yet, but it’s only a matter of time.

    Yes, you do need to patch sooner or later.