Merry Patching Christmas

Luis Corrons 21 Dec 2022

Here’s an important update to make before you log off for the holidays.

For those of you who are about to take a break next week, we’ve got a bit of advice to help you avoid some unnecessary scares during the time you’ll be spending with your loved ones.

Put simply: If you’re running any version of Windows, please update it as soon as possible! There’s a new Windows remote code execution vulnerability affecting all Windows machines. Even though it’s not yet being exploited in the wild, it’s better to be safe than sorry. 

Looking back at WannaCry

Some of you probably remember the worst ransomware outbreak in history, WannaCry. That attack also took advantage of a remote code execution vulnerability. The vulnerability used by WannaCry affected the SMB protocol, while this new one (CVE-2022-37958) works across a broader range of network protocols, including SMTP and HTTP when SPNEGO web authentication is enabled.

Microsoft has a list of the security updates that address it, covering Windows 7 up to Windows 11. The update first appeared in September’s Patch Tuesday security updates and was rated “important”; however, after new information showed the attack potential of the vulnerability, Microsoft raised the rating to “critical,” with a severity rating of 8.1 (note that this is the same as EternalBlue, the exploit used by WannaCry).

While consumers usually have security updates turned on and applied by default, this isn’t the case for small and medium-sized businesses (SMBs) and bigger enterprises, because a number of steps have to be taken in advance, such as ensuring compatibility with the applications in use.

For SMBs and enterprises, the priority of patching this vulnerability must be increased, as all unpatched computers will be at risk if (when!) a new worm using this vulnerability is released.