Security researchers have discovered a new Windows vulnerability, with the potential to rival the damage caused by EternalBlue and WannaCry.
Like the previous attacks, the unnamed vulnerability (CVE-2022-37958) can allow threat actors to execute malicious code on a Windows system bypassing the authenticity checks.
Like EternalBlue and WannaCry, this new attack can spread to other vulnerable systems in a matter of minutes with no user interaction required.
While EternalBlue exploits were based on printer and file-sharing networks, the new loophole is even more dangerous since it can spread over a broader range of network protocols, making it more flexible and dangerous.
“An attacker can trigger the vulnerability via any Windows application protocols that authenticates,” said Valentina Palmiotti, security researcher at IBM, in an interview to Ars Technica.
“For example, the vulnerability can be triggered by trying to connect to an SMB share or via Remote Desktop. Some other examples include Internet exposed Microsoft IIS servers and SMTP servers that have Windows Authentication enabled. Of course, they can also be exploited on internal networks if left unpatched,” Palmiotti added.
The good news is that there is already a fix and Microsoft rolled out a patch for it in September but had marked its designation as "important" in the disclosure.
Palmiotti found out that the flaw allowed for remote execution, and informed Microsoft. The team then changed the designation to "critical" along with a rating of 8.1, the same rating as EternalBlue.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
