"DHS CISA: Threat Actors Targeting Unpatched Microsoft Windows Flaw"

The Department of Homeland Security's (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory about a critical vulnerability, known as CVE-2020-0796, contained by Microsoft Server Message Block 3.1.1 (SMBv3) in all Windows 10 platforms and Windows Server versions, 1903 and 1909. The remote code execution vulnerability is being targeted by threat actors using a recently published proof-of-concept (POC) code. Researchers have discovered that the vulnerability is associated with how the SMB protocol handles some requests. The exploitation of this security flaw could allow a hacker to execute arbitrary code on the SMB Server or Client. Researchers also warn that the flaw is wormable in that it could spread from one vulnerable machine to another. Although Microsoft released a patch shortly after the disclosure of this flaw, many systems remain vulnerable. Such flaws pose a significant threat to the healthcare sector as healthcare organizations continue to use vulnerable, legacy systems, and struggle to maintain up-to-date patch policies. This article continues to discuss the vulnerability in relation to what its exploitation could allow hackers to do, why this vulnerability poses a great threat to the healthcare sector, and what administrators should do to protect systems against the abuse of this flaw.

HealthITSecurity reports "DHS CISA: Threat Actors Targeting Unpatched Microsoft Windows Flaw"