Critical Windows code-execution vulnerability went undetected until now [Ars Technica]
![Skull and crossbones in binary code](https://i0.wp.com/cdn.arstechnica.net/wp-content/uploads/2021/04/GettyImages_SkullCrossbonesBinaryComputerScreen-CROPPED-800x472.jpeg?resize=800%2C472&ssl=1)
Enlarge (credit: Getty Images)
Researchers recently discovered a Windows code-execution vulnerability that has the potential to rival EternalBlue, the name of a different Windows security flaw used to detonate WannaCry, the ransomware that shut down computer networks across the world in 2017.
Like EternalBlue, CVE-2022-37958, as the latest vulnerability is tracked, allows attackers to execute malicious code with no authentication required. Also, like EternalBlue, it’s wormable, meaning that a single exploit can trigger a chain reaction of self-replicating follow-on exploits on other vulnerable systems. The wormability of EternalBlue allowed WannaCry and several other attacks to spread across the world in a matter of minutes with no user interaction required.
But unlike EternalBlue, which could be exploited when using only the SMB, or server message block, a protocol for file and printer sharing and similar network activities, this latest vulnerability is present in a much broader range of network protocols, giving attackers more flexibility than they had when exploiting the older vulnerability.
Read 6 remaining paragraphs | Comments