Microsoft apparently accidentally announces that there is a security vulnerability in Windows 10 that no update can yet close. A special feature makes the vulnerability particularly dangerous.
Microsoft is currently distributing updates for Windows 10, which fixes a total of 117 vulnerabilities. However, there is no update among them that could close a particularly dangerous gap that gapes in an operating system protocol (SMBv3) that regulates access to network files. This means that it is an open gate for attacks from a distance. In addition to Windows 10 computers, Windows Server is also affected.
As dangerous as WannaCry?
The vulnerability makes it particularly dangerous that it clears the way for malware that can spread like a worm. To do this, it is obviously sufficient for a computer to be connected to an infected SMBv3 server that is sending defective code that can then be executed on the attacked system. The ransomware Trojan spread in a similar way in 2017 WannaCry, which caused enormous damage worldwide.
Actually, the problem shouldn’t have been announced because Microsoft doesn’t have a patch yet. But loud “Winfuture“an update was apparently planned, which is why the company already informed security providers in advance, who in turn made the vulnerability public.
Simple emergency measures
Microsoft has responded and Measures publishedwith which affected systems can be temporarily protected until a patch is available. Among other things, the company recommends deactivating the compression of the affected protocol. All you have to do is enter a command in Windows PowerShell. The easiest way to find them is to type “PowerShell” in the search window at the bottom left of the taskbar. The command is simply copied from the Microsoft side, it is under Workarounds in the first gray field.
Microsoft also recommends closing TCP port 445 in the firewall or checking that it is blocked. The Windows firewall can be found by entering “Firewall” in the search window and then in the search results under Apps Windows Defender Firewall with advanced security selects.
There you click in the menu on the top left Incoming rules and then on the right in the menu under Actions New rule. In the window that opens you choose port and click on Further. In the next window, type in the input window “445” and then click again Further. Then you choose Block connection and then click twice Further. Finally, you enter a name for the rule. This makes it easy to find and delete them or to release the port. Once that’s done, click on Complete.
– .
