One of the easiest ways to protect your devices is to make sure operating systems, apps and other software are always up to date. That’s because most updates contain critical patches that block hackers from exploiting known flaws.
Unfortunately, Microsoft has continued to release problematic Windows 10 updates this year and many people are too scared to install them. One recent update was so glitchy it was causing some users to see the dreaded Blue Screen of Death. Tap or click here for details on how to fix that issue.
Despite those justified fears, a bug has just been discovered that is so potentially harmful, everyone needs to update their Windows machine immediately. It’s so bad that the Department of Homeland Security is actually urging people to make sure your systems are up to date.
Urgent Windows 10 patch available
The Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) wants everyone to update their Windows 10 systems ASAP because an exploit code for a wormable bug was posted online last week. That code, known as SMBGhost, is specifically found in the server message block (SMB) which lets Windows communicate with other devices like your printer.
You may also like: This photo spreading on social media will brick your phone
What makes this security flaw particularly scary is that once a hacker takes advantage of it, they have total access to your device and can run malicious code remotely. They can infect your machine with any number of payloads including malware and ransomware.
Not only that, but SMBGhost is wormable, meaning the code can spread across the network once one device connected to it is infected.
So, anyone connected to the same network is at risk. We’ve seen wormable threats in the past, including WannaCry ransomware that quickly spread across the globe a few years ago. Tap or click here for details on damage caused by WannaCry and how to protect against it.
How to update Windows and protect against SMBGhost
The reason CISA is urging everyone to update Windows is the fact that SMBGhost can be spread quickly and easily. The agency put out the following statement on SMBGhost:
“The Cybersecurity and Infrastructure Security Agency (CISA) is aware of publicly available and functional proof-of-concept (PoC) code that exploits CVE-2020-0796 in unpatched systems.
Although Microsoft disclosed and provided updates for this vulnerability in March 2020, malicious cyber actors are targeting unpatched systems with the new PoC, according to recent open-source reports. CISA strongly recommends using a firewall to block SMB ports from the internet and to apply patches to critical- and high-severity vulnerabilities as soon as possible.”
As CISA said, Microsoft issued a patch for this vulnerability in March of 2020. But, if you haven’t updated Windows in months, now is the time to do it. Make sure you have installed KB4551762 to be protected from this vulnerability.
You may also like: This nasty trick scams ransomware victims looking for help
Most Windows machines are set to download and install updates automatically by default. If you haven’t changed your automatic update settings then you should be fine.
However, if you’ve turned automatic updates off, you can update Windows manually. Just click on the start menu in the lower left corner, open Settings > Update & Security > Check for updates. If there is an update available, click Download & install.
You may need to restart your system after installation is complete. Once your system has been rebooted the update installation is complete and you’re protected from this nasty bug. Now we just need Microsoft to produce more stable updates in the future so users aren’t too afraid to install them. We can only dare to dream.