What you need to know
- CISA issued a warning that attackers are targeting unpatched systems through the security flaw known as Eternal Darkness and SMBGhost.
- Microsoft patched the security flaw in March, but some people haven't updated their PCs.
- Attackers can utilize the vulnerability to gain remote access to a system and do damage.
When Microsoft sent out the patch in March, it was an "out-of-band patch," which means that it came separately from Microsoft's usual Patch Tuesday updates. These types of updates generally fix security issues, though Microsoft also issued an out-of-band update for a bug involving VPNs blocking Office apps from accessing the internet in March.
The Eternal Darkness or SMBGhost security vulnerability involves the Server Message Block (SMB) protocol. This is a protocol that allows PCs on a network to share files, printers, and other elements. Version 3.11 of the SMB protocol is affected by the security flaw.
CISA points out that while the flaw has been patched, there are still systems at risk:
Although Microsoft disclosed and provided updates for this vulnerability in March 2020, malicious cyber actors are targeting unpatched systems with the new PoC, according to recent open-source reports. CISA strongly recommends using a firewall to block SMB ports from the internet and to apply patches to critical- and high-severity vulnerabilities as soon as possible.
To protect your system from the Eternal Darkness/SMBGhost security flaw, you can check for an update through Windows Update. You can also update your PC to the May 2020 Update for Windows 10 (version 2004), as the security flaw does not affect the latest version of Windows 10. Microsoft also has a security advisory that breaks down the vulnerability and outlines which PCs and versions of Windows 10 are affected.
