What you need to know
- CISA issued a warning that attackers are targeting unpatched systems through the security flaw known as Eternal Darkness and SMBGhost.
- Microsoft patched the security flaw in March, but some people haven't updated their PCs.
- Attackers can utilize the vulnerability to gain remote access to a system and do damage.
Unpatched PCs running Windows 10 are being targeted by attackers utilizing a security vulnerability known as Eternal Darkness and SMBGhost. The US Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about the security flaw and the fact that attackers are still using it (via PC Gamer). Microsoft issued a patch for the vulnerability in March, but some people haven't updated their systems. As a result, attackers can gain unauthorized remote access to unpatched PCs and to damage.
When Microsoft sent out the patch in March, it was an "out-of-band patch," which means that it came separately from Microsoft's usual Patch Tuesday updates. These types of updates generally fix security issues, though Microsoft also issued an out-of-band update for a bug involving VPNs blocking Office apps from accessing the internet in March.
The Eternal Darkness or SMBGhost security vulnerability involves the Server Message Block (SMB) protocol. This is a protocol that allows PCs on a network to share files, printers, and other elements. Version 3.11 of the SMB protocol is affected by the security flaw.
CISA points out that while the flaw has been patched, there are still systems at risk:
Although Microsoft disclosed and provided updates for this vulnerability in March 2020, malicious cyber actors are targeting unpatched systems with the new PoC, according to recent open-source reports. CISA strongly recommends using a firewall to block SMB ports from the internet and to apply patches to critical- and high-severity vulnerabilities as soon as possible.
To protect your system from the Eternal Darkness/SMBGhost security flaw, you can check for an update through Windows Update. You can also update your PC to the May 2020 Update for Windows 10 (version 2004), as the security flaw does not affect the latest version of Windows 10. Microsoft also has a security advisory that breaks down the vulnerability and outlines which PCs and versions of Windows 10 are affected.
We may earn a commission for purchases using our links. Learn more.
Everything Bethesda Softworks is working on right now for Xbox and PC
Microsoft stunned the gaming world when it announced it was acquiring ZeniMax Media, adding Bethesda Softworks to Xbox. Here's everything Bethesda Softworks is working on right now.
We go hands-on with the remastered Age of Empires III: Definitive Edition
Age of Empires III: Definitive Edition is expected to be released October 15, 2020, and we were able to get our hands on a preview build to see how it's coming along.
Dell's XPS 13 2-in-1 and XPS 15 are both beautiful, but which one is best?
These two laptops from Dell are similarly priced, but they have some significant differences that will sway you one way or the other in your buying process. We've laid out the stuff you need to know right here.
The NFL is back! Check out these must-have Windows apps for football fans
After months of waiting through a unique offseason and no preseason games, the NFL is finally back this week. With these Windows 10 apps, you won't miss a snap of the NFL action.