>
A more serious vulnerability than EternalBlue sat in Windows for some time before it was finally discovered and patched, experts have revealed.
For those with shorter memories, EternalBlue was an NSA-built zero-day for Windows that gave rise to WannaCry, possibly the most devastating global ransomware threat to ever emerge.
Researchers at IBM, who discovered the flaw, said it was even more powerful because it was in a wider range of network protocols, giving attackers more flexibility in launching their attacks.
Three months ahead
The flaw, tracked as CVE-2022-37958, isn’t exactly new, as it was discovered – and patched – three months ago.
The news is that no one – not the researchers, not Microsoft who released the patch – knew exactly how dangerous it really was. In reality, it allows threat actors to execute malicious code without the need for authentication. In addition, it is wormable, allowing threat actors to trigger a chain reaction of self-replicating exploits on other vulnerable endpoints. In other words, the malware exploiting the flaw can spread across devices like wildfire.
Discussing the findings with Ars TechnicaValentina Palmiotti, the IBM security researcher who discovered the code execution vulnerability, said an attacker could trigger the vulnerability through “any Windows application protocol that authenticates.”
“The vulnerability can be triggered, for example, by attempting to connect to an SMB share or via Remote Desktop. Some other examples are Internet exposed Microsoft IIS servers and SMTP servers with Windows authentication enabled. Of course, they can also be exploited on internal networks if not patched.”
When Microsoft first patched it three months ago, it believed the flaw would only allow threat actors to get their hands on some sensitive information from the device, and so labeled it “important”. Now the company has amended the rating and labeled it “critical”, with a severity score of 8.1.
Unlike EternalBlue, which was a zero-day and left behind security experts and software makers to build a fix, the patch for this bug has been out for three months now, so the effects should be somewhat limited.
- Here’s our rundown of the best firewalls (opens in new tab) on the market today
Through: Ars Technica (opens in new tab)