A Leak about a vulnerability in the Windows 10 has brought security experts from Microsoft at the pain. Because it is in connection with a regular Update of the security for the Windows operating system were circulating on Tuesday, apparently in the circles of the researchers of the security of the information about a vulnerability, that is, in fact, it should not be open to the public.
Two posts of information technology (IT) security firms, the vulnerability that is described in this document, however, at the same time, he has published a security Update from Microsoft has not been fixed. A procedure to avoid the IT security specialists to actually try it. Microsoft has put a light arrow at the bottom of the little door to which the lock should be crack-Hack-now. The fear of security experts is now that the bad guys are on the right, is harmful to the development of the software to take advantage of the space. Such a tool would be for a technically savvy Hacker easily if you know how to find it as a weakness.
The big Software companies to make their security vulnerabilities are often publicly available, and if you have found it. It is often the case in co-operation with the security – it appears that this was also planned in the current case. However, the information should be public, if the issues have already been closed. This has not happened in the present case, since, in the case of IT security experts, such as the security researcher Jake Williams, to critical acclaim.
Windows users can protect themselves with a click
Just a couple of days later, on Thursday, Microsoft released a security update for the vulnerability is to fix it. The Federal office for security in information technology (BSI) advised users of Windows, here, download and install it right away.
A security vulnerability, all users of the Windows 10, which is brought to your System, and has been since September of 2019 at the latest, as well as potentially affected. Specifically, the gateway is located in the so-called SMBv3 the System. With this feature, Windows 10 ensures that, for example, you can connect a Computer to a network over Wi-Fi.
IT security researchers are alarmed by the difference, especially because of the WannaCry and NotPetya are two of the most harmful Trojan in the past few years, a very similar vulnerability in Windows to spread on a global scale has the advantage. WannaCry and NotPetya is always a Trojan horse that encrypts the data on their victims, and many of the companies and persons deprived of their high damage. They have been working like a worm, and the networks of dissemination, especially in business, self-employment, if he could once get on a computer. Have you stuck in global shipping companies such as Maersk and display boards of the Deutsche Bahn (underground) station.
The BSI described the difference as “critical”. The danger, however, is lower than that in the case of the WannaCry or NotPetya. The reason for this is that the hackers would always be a malicious software, to ensure the safety and security of the gap to be exploited. In the case of the WannaCry and NotPetya they were the most efficient tools at Hand, for deep in the computer system victims to come in. This is not in the current weak point it is currently the case.
In addition to this, it is blocked in many routers, which of the users are at home, go to the net, a great channel through which a Trojan horse could attack. For the BSI, and Microsoft pointed out that you can comply with in order to Exploit the vulnerability. “You do not have to change, however, in the short term,” says the BSI.
The current SMBv3-there is a gap between the security forces, however, and especially for the administrators of larger networks, for example, in business, in order to Act. “For individuals, the risk of being regarded as tend to be lower than in the networks of the companies,” said a BSI spokesman for the SZ. This is because for larger networks, more frequent, and the SMB Connections are used, for example, to send files to the printer in the office, or to connect to a network drive.