Microsoft issues emergency Windows 10 patch for leaked vulnerability
The security hole exists in Microsoft’s Server Message block (SMB) protocol on recent 32- and 64-bit versions of Windows 10 both on the client and server sides. Researchers from Microsoft and elsewhere labeled it critical because the compromise of a single machine could compromise others on the same network. Microsoft said that there’s no evidence so far that the flaw is being actively exploited, but said it’s “more likely” than not to happen in the future.
An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client. To exploit the vulnerability against a server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 server. To exploit the vulnerability against a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it.
Windows 10 has strong defenses that make that scenario unlikely, but motivated and skilled attackers could likely engineer successful attacks. To prevent against that, users (especially those on networks) should install the KB4551762 security update as soon as possible or follow Microsoft’s mitigation advice. Most folks should get the patch installed automatically via Windows Update.