A potentially devastating “Wormable” flaw could unleash the same havoc that erupted with WannaCry, wreaking destruction across the globe.
This groundbreaking vulnerability has the potential to upend Windows security on millions of computers. There is no official name for the flaw. But there is a fix available right now – and researchers are advising organizations and companies to jump at this opportunity and install the patches before they suffer damaging repercussions.
Alarm bells are ringing as security researchers have recently discovered a new and potentially even more destructive vulnerability than EternalBlue. If not rectified quickly, the repercussions could be dire! The security world still shudders with fear when recalling the wreckage that EternalBlue caused in 2017, as the vulnerability discovered and stored by the National Security Agency (NSA) was furtively exploited to launch digital attacks worldwide through WannaCry and NotPetya.
CVE-2022-37958, this newly discovered vulnerability, possesses the same characteristics as EternalBlue and gives attackers access to execute malicious code without authentication. Not only is this bug dangerous, but it has the capability of self-propagation to infiltrate other vulnerable systems. This attribute is exactly what allowed WannaCry and similar 2017 attacks to spread so rapidly.
In contrast to EternalBlue, CVE-2022-37958 is significantly more threatening as it does not only apply to the Server Message Block (SMB) protocol. It further resides within SPNEGO Extended Negotiation, a method used by client and server software for selecting the ideal security technology.
Luckily, SPNEGO enables a client device and an online server to determine the authentication protocol they’ll employ; extending beyond SMB, this encompasses protocols such as RDP, SMTP, and HTTP.
Unlike EternalBlue, the vulnerability of CVE-2022-37958 has already been addressed with a practical solution that has been available for three months now, effectively reducing and assuaging any danger posed by this security breach.
In September 2022, Microsoft addressed the bug with its monthly patch Tuesday in a move that was classified by their analysts as “important” due to the potential disclosure of confidential information. However, upon further review of the code, they reassessed CVE-2022-37958. They granted it a critical tag along with an 8.1 severity rating – identical to that of EternalBlue – making this patch even more significant for safety purposes.
Unfortunately, the already available patch could be a source of frustration rather than an advantage.
Valentina Palmiotti, an IBM security researcher, has observed that many organizations are often slow to deploy patches for major vulnerabilities, such as MS17-010 exploited with EternalBlue. They might take months to patch their systems and even have difficulty recognizing which of their devices is connected to the internet when trying to update them.
The dangers remain lurking in countless Windows systems, from the old Windows 7 to present-day models.