Homeland Security warns over 'wormable' Windows 10 bug

A computer running Microsoft Corp.'s Windows 10 operating system sits on display during a launch event in Tokyo, Japan, on Wednesday, July 29, 2015. The release of Microsoft's new Windows 10 operating system -- an event that in years past sparked a surge of computer buying -- will do little to ease the four-year sales slump that's been dogging the PC industry. Photographer: Kiyoshi Ota/Bloomberg via Getty Images
A computer running Microsoft Corp.'s Windows 10 operating system sits on display during a launch event in Tokyo, Japan, on Wednesday, July 29, 2015. The release of Microsoft's new Windows 10 operating system -- an event that in years past sparked a surge of computer buying -- will do little to ease the four-year sales slump that's been dogging the PC industry. Photographer: Kiyoshi Ota/Bloomberg via Getty Images
Zack Whittaker

Homeland Security's cybersecurity advisory unit is warning Windows 10 users to make sure that their systems are fully patched, after exploit code for a "wormable" bug was published online last week.

The code takes advantage of a security vulnerability patched by Microsoft back in March. The bug caused confusion and concern after details of the "critical"-rated bug were initially published but quickly pulled offline.

The exploit code, known as SMBGhost, exploits a bug in the server message block — or SMB — component that lets Windows talk with other devices, like printers and file servers. Once exploited, the bug gives the attacker unfettered access to a Windows computer to run malicious code, like malware or ransomware, remotely from the internet.

Worse, because the code is "wormable," it can spread across networks, similar to how the NotPetya and WannaCry ransomware attacks spread across the world, causing billions of dollars in damage.

Even though Microsoft published a patch months ago, tens of thousands of internet-facing computers are still vulnerable, prompting the advisory.

In the advisory, Homeland Security's Cybersecurity and Infrastructure Security Agency said hackers are "targeting unpatched systems" using the new code, and advise users to install updates immediately.

The researcher who published the code, a GitHub user who goes by the handle Chompie1337, said by their own admittance that their proof-of-concept code was "written quickly and needs some work to be more reliable," but warned that the code, if used maliciously, could cause considerable damage.

"Using this for any purpose other than self education is an extremely bad idea. Your computer will burst in flames. Puppies will die," said the researcher.

If you haven't updated Windows recently, now would be a good time.

Microsoft releases emergency patch for ‘leaked’ Windows 10 security bug


More From

  • Huawei posts revenue growth in H1 despite sanctions and pandemic

    Huawei reported a 13.1% year-over-year revenue growth in the first half of 2020, even if countries around the world continued to weigh up bans on its equipment and smartphone sales shrink amid the pandemic, the telecom giant said in a brief on Monday. The firm's revenue reached 454 billion yuan ($64.88 billion) in the period, with its carrier, enterprise, and consumer businesses accounting for 35%, 8% and 56% of total revenue, respectively. It finished with a net profit margin of 9.2%, a slight increase from 8.7% in the same period last year.

  • Luckin Coffee replaces chairman Charles Lu

    Luckin Coffee has replaced co-founder and (now ex-) chairman Charles Zhengyao Lu, despite his efforts to maintain control over the troubled Beijing-based coffee chain. The company disclosed in an SEC filing on Monday that Jinyi Guo, another co-founder, board member and former acting chief executive of Luckin, has been appointed as its new chairman and chief executive officer. In today’s SEC filing, Luckin also said a total of four directors have left the board (Lu, David Hui Li, Erhai Liu and Sean Shao) and two new independent directors have been appointed.

  • Ford blends tech and nostalgia in the 2021 Bronco

    After 24 years, Ford relaunched the 2021 Bronco in a splashy reveal streamed Monday evening on ABC, ESPN and National Geographic, each short film showcasing a different member of the family: the Bronco 2-door, Bronco 4-door and Bronco Sport. The Bronco 2021 — Ford's flagship series of 4x4 vehicles — is a brand that leans heavily on nostalgia, customization, functional design and technology such as the automaker's next-generation infotainment system and a digital trail mapping feature that lets owners plan, record and share their experiences via an app. This is not the 1966 Ford Bronco, the first year that the rugged two-door off-roader came to market to compete with the Jeep CJ-5.

  • BigCommerce files to go public

    As expected, BigCommerce has filed to go public. BigCommerce, similar to public market darling Shopify, provides e-commerce services to merchants. Given how enamored public investors are with its Canadian rival, the timing of BigCommerce's debut is utterly unsurprising and is prima facie intelligent.