
No less dangerous than WannaCry: security experts discover a wormable vulnerability in Microsoft Win10 / Win11

2025-03-26 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)11/24 Report--

CTOnews.com, December 21 (Xinhua)-- Cyber security experts have discovered a code execution vulnerability on the Windows platform that is as dangerous as the EternalBlue / WannaCry vulnerability that ravaged the world in 2017. The vulnerability is tracked as CVE-2022-37958 and allows an attacker to execute arbitrary malicious code without authentication.

Like EternalBlue, this vulnerability is wormable. This means that hackers can use it to trigger self-replication and follow-on cascading attacks against other unpatched systems. In other words, without any user interaction, hackers can take advantage of this vulnerability to quickly infect other devices.

CTOnews.com learned that unlike EternalBlue, which could be exploited only over the SMB protocol (a protocol for file and printer sharing and similar network activities), the new vulnerability can be reached over more network protocols. Valentina Palmiotti, the IBM security researcher who discovered the code execution vulnerability, said in an interview:

An attacker can trigger this vulnerability by bypassing any authenticated Windows application protocol. For example, the vulnerability can be triggered by trying to connect to an SMB share or through Remote Desktop. Other examples include Microsoft IIS servers exposed on the Internet and SMTP servers with Windows authentication enabled. Of course, this vulnerability can also quickly infect internal networks.

Microsoft fixed CVE-2022-37958 in its monthly Patch Tuesday security release in September. CVE-2022-37958 resides in SPNEGO Extended Negotiation, a security mechanism abbreviated as NEGOEX that allows clients and servers to negotiate the authentication method to use. For example, when two machines connect using Remote Desktop, SPNEGO allows them to negotiate the use of authentication protocols such as NTLM or Kerberos.
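To make the negotiation concrete, the following Python example (added here, not part of the original article) parses the mechanism list of a SPNEGO NegTokenInit and reports which authentication methods the sender offers, which lets a defender see whether a service advertises NEGOEX. The OIDs are the publicly registered mechanism identifiers, the function names are this example's own, and the sample token is constructed rather than captured.

```python
MECHS = {"1.3.6.1.4.1.311.2.2.30": "NEGOEX", "1.3.6.1.4.1.311.2.2.10": "NTLM",
         "1.2.840.113554.1.2.2": "Kerberos", "1.3.6.1.5.5.2": "SPNEGO"}

def read_tlv(buf, pos, want):
    """Read one DER element that must carry tag `want`; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != want:
        raise ValueError(f"expected tag {want:#x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("element runs past end of buffer")
    return buf[pos:pos + length], pos + length

def decode_oid(body):  # DER OID content bytes -> dotted string
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(val)
            val = 0
    head = divmod(arcs[0], 40) if arcs[0] < 80 else (2, arcs[0] - 80)
    return ".".join(map(str, [*head, *arcs[1:]]))

def offered_mechs(token):
    """Return the mechanisms a NegTokenInit offers, in the sender's preference order."""
    body, _ = read_tlv(token, 0, 0x60)  # GSS-API initial context token
    oid, pos = read_tlv(body, 0, 0x06)
    if MECHS.get(decode_oid(oid)) != "SPNEGO":
        raise ValueError("not a SPNEGO token")
    val = body[pos:]
    # [0] NegotiationToken, NegTokenInit SEQUENCE, [0] mechTypes, SEQUENCE OF OID
    for tag in (0xA0, 0x30, 0xA0, 0x30):
        val, _ = read_tlv(val, 0, tag)
    names, pos = [], 0
    while pos < len(val):
        oid, pos = read_tlv(val, pos, 0x06)
        names.append(MECHS.get(decode_oid(oid), decode_oid(oid)))
    return names

# Constructed sample token (not captured traffic): offers NEGOEX, Kerberos, NTLM.
SAMPLE = bytes.fromhex(
    "603306062b0601050502a0293027a0253023060a2b06010401823702021e"
    "06092a864886f712010202060a2b06010401823702020a")
```

Calling `offered_mechs(SAMPLE)` returns the offered mechanisms in preference order; truncated or non-SPNEGO input raises `ValueError` instead of being read past its declared length.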
