Microsoft released an emergency security update (KB4551762) for the operating system, Windows 10 versions, 1909 and 1903. “Patch” resolves a vulnerability in the network Protocol Server Message Block 3.1.1 (SMBv3), which is used for remote access to files, printers, and other network resources.
Discovered in Windows 10, the hole allows attackers to execute arbitrary code on the side of SMBv3 client or server. It is quite difficult in the case of the client, a hacker will need some way to configure SMBv3 server and to convince the victim to connect to it. Despite this, Microsoft has described a bug as “critical.”
Experts are concerned that because of vulnerabilities in SMBv3 malicious code can automatically distribute itself from one computer to another. So it was in 2017, when the virus-ransomware WannaCry and NotPetya, passing the chain through the same SMB Protocol, infected several hundred thousand computers (including networks of “Bashneft”, Mars, Nivea, shops “Auchan” and government computers in Ukraine).
Attacks using new vulnerabilities not fixed yet, and the “most likely” will not, said Microsoft. However, users are recommended to install KB4551762 as soon as possible. To check availability of hotfixes in Windows Update (“Windows update”).