San Francisco, March 13 (SocialNews.XYZ) Microsoft has released a Windows patch for a security vulnerability that enabled attackers to transfer malicious code from one machine to another if they had the vulnerability without the knowledge of the users.
The fix is available as KB4551762, an update for Windows 10, versions 1903 and 1909, and Windows Server 2019, versions 1903 and 1909.
"Customers who have already installed the updates released on March 10, 2020 for the affected operating systems should install KB4551762 to be protected from this vulnerability," Microsoft said on Thursday.
The bug exists in the latest version of Window's server message block, known as SMB, which lets Windows communicate with devices, like printers and file servers, on the network and across the internet.
"A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client," the company said in a statement.
The detail rated bug were released on Tuesday as part of the software giant's typical monthly release of security patches, what it calls Patch Tuesday.
"To exploit the vulnerability against a server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 server. To exploit the vulnerability against a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it," the company added.
The security update addresses the vulnerability by correcting how the SMBv3 protocol handles these specially crafted requests.
Source: IANS
About Gopi
Gopi Adusumilli is a Programmer. He is the editor of SocialNews.XYZ and President of AGK Fire Inc.
He enjoys designing websites, developing mobile applications and publishing news articles on current events from various authenticated news sources.
When it comes to writing he likes to write about current world politics and Indian Movies. His future plans include developing SocialNews.XYZ into a News website that has no bias or judgment towards any.
He can be reached at gopi@socialnews.xyz