Technology 2 min read

Homeland Security Warns Windows 10 Users About new Threat

charnsitr /

charnsitr /

Last week, some bad actors published the exploit code for a “wormablebug online.

The exploit code, called SMBGhost, takes advantage of a security vulnerability that Microsoft patched back in March. It exploits a bug in the Server Message Block (SMB) components that enable Windows to communicate with devices such as printers and file servers.

Upon completing the exploit, the attacker will have unlimited access to a Windows computer. That way, he or she can run malicious codes such as ransomware or malware from a remote location.

Now here’s the worse part.

Since the code is “wormable,” it can spread across networks to millions of other users. It’s similar to how attackers implemented two devastating cyber attacks — the NotPetya and Wannacry ransomware —  a few years ago.

Earlier this week, a Github user published the proof-of-concept exploit code.

The user noted that the exploit was “written quickly and needs some work to be more reliable.” The researcher also warned that the code could cause significant damage in the wrong hands.

The researcher noted:

“Using this for any purpose other than self-education is a horrible idea. Your computer will burst in flames. Puppies will die.”

Microsoft published a patch to address the threat one month ago. However, tens of thousands of Windows 10 users are still vulnerable, and this prompted the advisory.

You May Want to Update Your Windows 10 System

The cybersecurity advisory unit at the Homeland Security wants Windows 10 users to ensure their systems are fully patched.

According to the agency, hackers are “targeting unpatched systems” using the new code. So, it recommends using a firewall to block SMB ports from the internet.

However, the more prudent option would be to install the latest Windows update as soon as possible.

Microsoft also encourages users of Windows 10 version 1903 and 1909 as well as Windows Server versions 1903 and 1909 to install patches.

In a statement on Friday, the tech company said:

“An update for this vulnerability was released in March, and customers who have installed the updates, or have automatic updates enabled, are already protected.”

Read More: How AI Will Improve Cybersecurity in 2020

First AI Web Content Optimization Platform Just for Writers

Found this article interesting?

Let Sumbo Bello know how much you appreciate this article by clicking the heart icon and by sharing this article on social media.

Profile Image

Sumbo Bello

Sumbo Bello is a creative writer who enjoys creating data-driven content for news sites. In his spare time, he plays basketball and listens to Coldplay.

Comments (0)
Most Recent most recent
share Scroll to top

Link Copied Successfully

Sign in

Sign in to access your personalized homepage, follow authors and topics you love, and clap for stories that matter to you.

Sign in with Google Sign in with Facebook

By using our site you agree to our privacy policy.