Microsoft has released a Windows patch for a security vulnerability that enabled attackers to transfer malicious code from one machine to another if they had the vulnerability without the knowledge of the users.
The fix is available as KB4551762, an update for Windows 10, versions 1903 and 1909, and Windows Server 2019, versions 1903 and 1909.
“Customers who have already installed the updates released on March 10, 2020 for the affected operating systems should install KB4551762 to be protected from this vulnerability,” Microsoft said on Thursday.
The bug exists in the latest version of Window’s server message block, known as SMB, which lets Windows communicate with devices, like printers and file servers, on the network and across the Internet.
“A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client,” the company said in a statement.
The detail rated bug were released on Tuesday as part of the software giant’s typical monthly release of security patches, what it calls Patch Tuesday.
“To exploit the vulnerability against a server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 server. To exploit the vulnerability against a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it,” the company added.
The security update addresses the vulnerability by correcting how the SMBv3 protocol handles these specially crafted requests.