This critical Windows vulnerability could be as severe as WannaCry, experts claim
A vulnerability more serious than EternalBlue sat in Windows for some time before it was finally discovered and patched, experts have revealed.
For those with shorter memories, EternalBlue was an NSA engineered zero-day for Windows that spawned WannaCry, possibly the most devastating global ransomware threat to ever emerge.
IBM researchers who discovered the flaw said it was even more powerful because it resides in a broader range of network protocols and gives attackers more flexibility in conducting their attacks.
Three Month Progress
The bug tracked as CVE-2022-37958 isn’t exactly new, having been discovered – and patched – three months ago.
The news is that nobody – not the researchers, not Microsoft, which issued the patch – knew exactly how dangerous it really was. In reality, it allows attackers to run malicious code without requiring authentication. Additionally, it is wormable, allowing threat actors to trigger a chain reaction of self-replicating exploits on other vulnerable endpoints. In other words, the malware abusing the bug could spread across devices like wildfire.
Discussion of the findings with Ars TechnicaValentina Palmiotti, the IBM security researcher who discovered the code execution vulnerability, said an attacker could trigger the vulnerability via “any Windows application protocol that authenticates.”
“The vulnerability can be triggered, for example, by trying to connect to an SMB share or via Remote Desktop. Some other examples include Internet-exposed Microsoft IIS servers and SMTP servers that have Windows authentication enabled. Of course, they can also be exploited on internal networks if they are not patched.”
When Microsoft first patched it three months ago, it believed the bug could only allow attackers to steal some sensitive information from the device, so it labeled it “important.” Now the company changed the classification and marked it as “critical” with a severity of 8.1.
Unlike EternalBlue, which was a zero-day and kept security researchers and software vendors busy creating a fix, the patch for this bug has now been available for three months, so its impact should be somewhat limited.
- Here’s our rundown of the best firewalls (opens in new tab) on the market today
Above: Ars Technica (opens in new tab)
https://www.techradar.com/news/this-critical-windows-security-flaw-could-be-as-serious-as-wannacry-experts-claim This critical Windows vulnerability could be as severe as WannaCry, experts claim
