A "wormable" weakness might cause the same kind of chaos as WannaCry.
What happened just now? Millions of machines could have their Windows security turned upside down by a new, powerful vulnerability. Although the bug hasn't been given an official name yet and a remedy is already available, researchers are advising businesses to instal the most recent updates or risk the repercussions.
The National Security Agency (NSA) vulnerability discovered (and stockpiled) by EternalBlue in 2017 was exploited by the notorious WannaCry and NotPetya attacks (among many others) to hit digital infrastructures all over the world. The security community still recalls (and dreads) the chaos it unleashed.
A new warning is being issued by security researchers about a significant vulnerability that, if not patched, might be even more harmful than EternalBlue.Similar to EternalBlue, the newly discovered hole, designated CVE-2022-37958, allows remote code execution without authentication. The bug can "worm" itself into other weak systems and attack them, so to speak. This is precisely why WannaCry and the other assaults of 2017 were able to spread so quickly.
CVE-2022-37958, in contrast to EternalBlue, is considerably more hazardous because it is a part of the SPNEGO Extended Negotiation mechanism and is not restricted to the Server Message Block (SMB) protocol. Client-server software uses SPNEGO to negotiate the selection of the security technology to be employed.With SPNEGO, a client computer and an internet server can choose which authentication protocol to employ; in addition to SMB, these protocols also include RDP, SMTP, and HTTP.
In contrast to EternalBlue, the threat posed by CVE-2022-37958 is lessened by the fact that the ideal fix has been around for three months.With their monthly Patch Tuesday release in September 2022, Microsoft solved the problem. Redmond's analysts at the time rated the weaknesses as "significant," considering the problem to be no more than a potential leak of private data. After examining the code, the same analysts have now given CVE-2022-37958 a "critical" tag and a severity level of 8.1, which is the same as EternalBlue.
The fact that a fix is already available might cause more problems than it does good.According to IBM security researcher Valentina Palmiotti, "some organisations have been slow to deploy patches for several months or lack an accurate inventory of systems exposed to the internet and miss patching systems altogether," as was the case with other significant vulnerabilities over the years, such as MS17-010 exploited with EternalBlue.Millions of Windows systems starting with Windows 7 still harbour the threat.
No comments:
Post a Comment