Update Windows 10 Now to Block SMBGhost
When even the Department of Homeland Security’s Cyber and Infrastructure Security Agency gets nervous about your unpatched Windows 10 system, it might be time to make sure you download everything you need from Windows Update.
This time, the agency is responding to the emergence of new verification attacks related to the vulnerability discovered in March – yes, three months ago. The SMBGhost exploit exploits an issue with the Windows Server Message Blocking Protocol, which can give an attacker unrestricted access to run whatever they want on an infected machine. (This obviously includes servers, but also any unpatched clients connecting to one that has already been affected.)
And that’s not all, as TechCrunch’s Zach Whittaker describes:
Worse, because the code is “vulnerable to worms,” it can spread across networks, just as the attack programs extortionists NotPetya and WannaCry spread throughout the world, causing damage in the billions of dollars.
Despite the fact that Microsoft published the patch a few months ago, tens of thousands of computers connected to the Internet are still vulnerable, which requires recommendations.
All you have to do to stay safe is to install the latest updates for Windows 10. That’s it. It’s incredibly easy to do this on home machines – and indeed, they should already be updated if you’ve used them regularly and connected to the Internet.
But here’s the thing. If you’re running a version of Windows 10 earlier than version 1903 (released last May), you’re fine. Your operating system does not yet support SMBv3.1.1 compression, which is the source of the error used by SMBGhost.
So, in some weird way, no update kept you safe from this attack than installing a major update and getting lazy about rest. However, you should not continue this practice. It’s time to upgrade to the latest version of Windows – version 2004 at the time of this writing – and make sure you’re always up to date with Patch Tuesday updates and any other important unplanned updates.
But there is also a nuance here. As you undoubtedly know, Microsoft has some issues with various Windows 10 updates. So much so that it probably is n’t worth the time installing every single update that you may receive at the time of its release. As Woody Leonhard writes for Computerworld :
… from time to time we receive emergency fixes that require immediate attention, but they are extremely rare and always well known – usually within hours of release. We’ve seen this with Eternal Blue, Sasser, and a few lesser known security holes. Even so, it took the nerds weeks or months to transform the known vulnerability into a massive attack.
On the contrary, every month we see problems with patches. Blocked systems. Missing files. Encrypted applications. Undocumented and unannounced updates. If you are new to Windows patching problems and are convinced that you really should not expose your computer to Microsoft patches as soon as they are available, take a look at the three years issue reports submitted monthly to my Alert Patch Series .
If I were in your shoes – and I am doing this too – I would make sure that I am using at least Windows 1909 version. Then I would use its ability to pause Windows updates, which can be found through ” Settings”> “Update & Security” to keep your operating system from downloading and installing updates at the time they are released.
As for how long you should wait before installing it, it depends on you and the severity of the update in question. If the update fixes a zero-day exploit, you might be wrong and install it earlier; if this is a giant feature update, you can probably wait a week (or two weeks) to make sure no system bugs show up during the public launch of the update.
Is it taxed? Yes. Will you forget about it? Certainly. Do you remember that when you can’t figure out why your system was performing well on Tuesday and some terrible glitch clears up your throat on Wednesday morning? Now you will.
This brings us back to SMBGhost. At the very least, make sure you update Windows 10 with KB4551762 if you are using version 1903 or later. You can check if you have it by looking at your update history under Settings> Update & Security> View update history . It is also possible that the update may not appear – as is the case with my system, since I am currently using Windows 10 version 2004.