Homeland Security Warns Windows 10 Users About new Threat

Last week, some bad actors published the exploit code for a “wormable” bug online.

The exploit code, called SMBGhost, takes advantage of a security vulnerability that Microsoft patched back in March. It exploits a bug in the Server Message Block (SMB) components that enable Windows to communicate with devices such as printers and file servers.

Upon completing the exploit, the attacker will have unlimited access to a Windows computer. That way, he or she can run malicious codes such as ransomware or malware from a remote location.

Now here’s the worse part.

Since the code is “wormable,” it can spread across networks to millions of other users. It’s similar to how attackers implemented two devastating cyber attacks — the NotPetya and Wannacry ransomware — a few years ago.

Earlier this week, a Github user published the proof-of-concept exploit code.

The user noted that the exploit was “written quickly and needs some work to be more reliable.” The researcher also warned that the code could cause significant damage in the wrong hands.

The researcher noted:

“Using this for any purpose other than self-education is a horrible idea. Your computer will burst in flames. Puppies will die.”

Microsoft published a patch to address the threat one month ago. However, tens of thousands of Windows 10 users are still vulnerable, and this prompted the advisory.

You May Want to Update Your Windows 10 System

The cybersecurity advisory unit at the Homeland Security wants Windows 10 users to ensure their systems are fully patched.

According to the agency, hackers are “targeting unpatched systems” using the new code. So, it recommends using a firewall to block SMB ports from the internet.

However, the more prudent option would be to install the latest Windows update as soon as possible.

Microsoft also encourages users of Windows 10 version 1903 and 1909 as well as Windows Server versions 1903 and 1909 to install patches.

In a statement on Friday, the tech company said:

“An update for this vulnerability was released in March, and customers who have installed the updates, or have automatic updates enabled, are already protected.”