The Cybersecurity and Infrastructure Security Agency (CISA), an arm of the Department of Homeland Security (DHS) has issued a warning regarding unpatched Windows 10 Systems. Back in March of 2020, Microsoft disclosed this vulnerability and provided updates to handle the issue. Unfortunately, many Microsoft users have not implemented the patch, and now cyber bad guys have made publicly available code that exploits the vulnerability.
SMBGhost, as the vulnerability is known as, allows a data packet that is specially created to exploit the vulnerability in Microsoft Windows 10, to run on the central SMB server and execute random code on the system. Once deployed, hackers have access to your device and can run their malicious code remotely. This can infect your computer with a host of malware and ransomware items. And because SMBGhost is wormable (think spreadable), it can spread across the network you're on once one device that is connected is infected.
Because many people fail to update their operating systems with new patches, hackers are on the hunt for those who have not done the updates. If you have your automatic updates turned on, your device should already be protected from this threat. If not, you can easily update Windows manually. Click on the start menu at the bottom left corner and open the Settings. There is an option for Update & Security. Click on the icon and check for updates. If an update is available, click download and install. You will need to restart your device after installation is complete.
On a business device, your IT department or Managed IT Services Provider handles the deployment of patches. If your business needs assistance with handling patch updates, a Managed IT Services Provider such as Fraser should be able to assist you. Fraser offers a wide variety of Managed IT Services including patch deployment.
Keep your devices safe, and be sure you are protected against cybersecurity threats. Employ a respectable Managed IT Services Provider.