Just a few days ago, on March 10, 2020, Microsoft released a giant security update that went to resolve 115 leaks discovered in recent months. But apparently, downloading and installing this cumulative update is still not enough to protect our PCs - another one has just arrived.
This new update addresses one vulnerabilità grave in Microsoft Server Message Block (SMB), an operating system component used for file sharing within corporate networks. This vulnerability, classified with the code CVE-2020-0796, had long been known, and security experts jumped out of their seats when they saw that it wasn't among the 115 vulnerabilities patched with the March 10 update. Microsoft, therefore, had to take action by releasing a specific emergency patch for the bug in SMB, which is now available for download and installation via Windows Update.
Technically the bug in SMB is defined "Wormable", ie it can be used by hackers to spread a worm. Worms are particular malware capable of self-replicating: when it infects a computer, the worm automatically starts with the machine and tries in every way to get out of the PC to infect others. Microsoft Message Block could become one of the ways an eventual worm could spread.
Let's not forget, then, that SMB has already been used by cybercriminals to spread very dangerous viruses such as the famous WannaCry which spread on a large scale in 2017. WannaCry, in turn, was a "ransomware" type virus: it encrypted all hard disk data of the infected computer and then demanded a ransom to decrypt them.
Microsoft has released the patch for this severe vulnerability in SMB through the mandatory security update KB4551762. The update is automatically downloaded from Windows Update, unless the system settings for downloading upgrades have been changed. In this case the user may find in Windows Update the download pending notice for “Cumulative Update for Windows 10 Version 1909 for x64-based Systems (KB4551762)“. It is important to download now and let Windows Update install it and restart the operating system.
Windows 10 to be updated now: dangerous vulnerability discovered