Tens of thousands, perhaps hundreds of thousands, of Windows 10 users are vulnerable to a “wormable bug” so serious it has been given the highest score possible on the Common Vulnerability Scoring System.
Although Microsoft issued a fix for the bug in March, Homeland Security’s Cybersecurity and Infrastructure Security Agency issued an alert warning of the potential risk to systems that have not installed the fix.
Commonly referred to as SMBGhost, the vulnerability in Windows 10 systems was recently shown to be exploitable. That could give hackers complete access to the computer and, because the vulnerability is considered “wormable,” the exploit code can spread throughout a network, infecting all connected Windows 10 systems.
By default, Windows 10 automatically checks and installs updates. Home and small business users should already have the patch installed. You can check by following the directions from Microsoft.
However, estimates of the number of unprotected PCs range from the tens of thousands into the hundreds of thousands. For these systems, the risk of being successfully attacked and having the exploit spread is what prompted the Homeland Security warning. The agency warned that “Malicious cyber actors are targeting unpatched systems.”
In 2017, a wormable bug led to the spread of the WannaCry ransomware, which disrupted businesses, government and transportation, and in the UK forced hospitals to halt activities and even turn patients away. Microsoft had issued a patch for the hacking tools that had been developed by and stolen from the National Security Agency, but millions did not install it, leading to worldwide disruption and damages estimated in the billions.