US Department Of Homeland Security Warns About SMBGhost Wormable Windows Exploit
The cybersecurity advisory unit of U.S. Department of Homeland Security has issued a warning to Windows computer users about code for a "wormable" bug that was published online last week. The exploit is known as SMBGhost and takes advantage of an issue in Windows' server message block or SMB. SMB is a component of Windows that allows it to talk with other devices, such as printers or servers.
The warning from the Homeland Security isn't only that the SMBGhost code has been published online, but that the code is designed to take advantage of a security vulnerability that Microsoft patched in March. The warning tells Windows users to update their computers to protect themselves from the exploit. If an attacker can execute the code on a target machine, they can gain complete access to the Windows computer with the ability to run malicious software, such as malware, remotely from the Internet.
SMBGhost's most disturbing attribute is that it is wormable, which means it can spread across networks. Past malware able to spread across networks included NotPetya and WannaCry. Those exploits combined caused billions of dollars in damage. Although Microsoft published a patch for the SMB issue months ago, tens of thousands of computers connected to the Internet are unpatched and still vulnerable. Many Windows users have been putting off updates due to the disturbing trend in recent months of Windows patches causing significant issues on PCs when applied.
Hackers are targeting unpatched systems using the code, which was published on GitHub by a researcher claiming it was a proof-of-concept. While the security researcher who published the code warned of "using this for any purpose other than self-education," hackers are using the code to attack vulnerable systems. Windows users who haven't patched their PCs recently should do so.