Microsoft: New Wormable, Unpatched Bug in SMB File-Sharing System
Microsoft has published a security advisory, warning users that there is a remote code execution vulnerability in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests.
Charles Ragland, security engineer at Digital Shadows, says that the vulnerability allows for unauthenticated users to remotely execute code on victim machines. "Attackers could either target existing SMBv3 servers or impersonate an SMBv3 server and attack connecting clients. There's currently no evidence that the exploit has been used in the wild. Given the prevalence of SMB, if an exploit is made public, it could prove to be a large issue for companies to deal with, as there is currently no patch available," says Ragland.