#Microsoft discloses a new critical #vulnerability (CVE-2022-37958) that rivals #EternalBlue where attackers can do remote code execution without #authentication and is #wormable.

Worst of all, unlike EternalBlue, this new vulnerability works on any network protocol, not just SMB. Microsoft has since patched this vulnerability back in September.

Be sure that all your systems have been patched!

https://arstechnica.com/information-technology/2022/12/critical-windows-code-execution-vulnerability-went-undetected-until-now/

Microsoft advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37958

#Windows #vulnerabilitymanagement #infosec #cybersecurity
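Added here as a practical check for the "be sure all your systems have been patched" advice above; this is example code written for this page, not something from the original post or from Microsoft. It assumes the September 2022 Patch Tuesday date (2022-09-13) as the cutoff for the fix the post mentions, and it uses the locally reported hotfix history as a quick triage signal only; the authoritative check is the OS build number against the Microsoft advisory linked above.

```powershell
# Triage script (added example, not from the original post):
# flag Windows hosts whose newest installed hotfix predates the
# September 2022 cumulative update, i.e. hosts that cannot have
# received the fix discussed in the post.
#
# Assumptions (not stated on the page): the September 2022 Patch Tuesday
# date is 2022-09-13; the host names in $Hosts are placeholders.

param(
    [string[]] $Hosts  = @($env:COMPUTERNAME),   # placeholder target list
    [datetime] $Cutoff = [datetime]'2022-09-13'  # assumed patch release date
)

function Get-PatchStatus {
    param([string] $ComputerName, [datetime] $Cutoff)

    try {
        # Get-HotFix reads the QFE list; InstalledOn can be blank for some
        # entries, so drop those before picking the newest one.
        $newest = Get-HotFix -ComputerName $ComputerName -ErrorAction Stop |
            Where-Object { $_.InstalledOn } |
            Sort-Object InstalledOn |
            Select-Object -Last 1

        $os = Get-CimInstance -ClassName Win32_OperatingSystem `
            -ComputerName $ComputerName -ErrorAction Stop

        # Result: anything with no update since the cutoff is treated as
        # unpatched for the purposes of this triage.
        [pscustomobject]@{
            Computer      = $ComputerName
            OSVersion     = $os.Version
            NewestHotFix  = $newest.HotFixID
            InstalledOn   = $newest.InstalledOn
            LikelyPatched = ($newest -and $newest.InstalledOn -ge $Cutoff)
            Note          = if ($newest) { '' } else { 'no dated hotfixes found' }
        }
    }
    catch {
        # Unreachable or access-denied hosts are reported, not silently skipped,
        # because an unknown host is exactly the one an attacker will find.
        [pscustomobject]@{
            Computer      = $ComputerName
            OSVersion     = $null
            NewestHotFix  = $null
            InstalledOn   = $null
            LikelyPatched = $false
            Note          = "query failed: $($_.Exception.Message)"
        }
    }
}

$results = foreach ($h in $Hosts) { Get-PatchStatus -ComputerName $h -Cutoff $Cutoff }

# Print the whole table, then the hosts that need attention.
$results | Format-Table -AutoSize
$results | Where-Object { -not $_.LikelyPatched } |
    ForEach-Object { Write-Warning "$($_.Computer): no update since $($Cutoff.ToShortDateString()) ($($_.Note))" }
```

This only tells you which machines cannot have the fix; a host that reports a recent hotfix still needs its build number compared with the fixed builds in the advisory, and hosts that fail the query need a manual look rather than being assumed fine.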

@deltatux

The patch was released in September.

Not an insignificant detail.

@Sliotar

Yes, that's true, but there are too many organizations out there that may be months, if not years, behind when it comes to patching. It could just take an employee unknowingly opening a malicious attachment or link on a vulnerable workstation to allow attackers to worm through machines on the network (easier if the network wasn't segmented).

@deltatux

That's no excuse for not prominently including the fact that this vulnerability was patched months ago for most people.

Organizations who don't apply patches regularly aren't likely to be following sources that are using this vulnerability as click-bait, and aren't likely to respond anyway.

@Sliotar

I did; it's in my original description...

@deltatux

You said it rivals EternalBlue, and that in some ways it's worse than EternalBlue. You didn't say that, unlike EternalBlue, which was a threat to every Windows machine, this is only a threat to machines that have ignored at least 4 months of Windows updates.

The grammatically confused statement "Microsoft has since patched this vulnerability back in September" is not helpful. "Has since patched" implies that MS released the patch since the flaw was announced, not 4 months ago.