When was the last time you applied a Windows 10 security patch?

If you haven't patched since March 10th, it would be an excellent idea to do so as quickly as possible. Recently, the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) issued a dire warning concerning a newly discovered security flaw.

The flaw is known as SMBGhost or, by its more colorful name, "Eternal Darkness". It was discovered by security analysts, and a crude proof of concept was created by a researcher who goes by the online alias 'Chompie.'

Although the proof of concept was pieced together quickly and is not well optimized, it works and allows for fairly consistent remote code execution. That is a fancy way of saying that hackers can use the exploit to compromise machines connected to the internet without being in close physical proximity.

As Chompie reports:

"This has not been tested outside of my lab environment. It was written quickly and needs some work to be more reliable. Using this for any purpose other than self-education is an extremely bad idea. Your computer will burst in flames. Puppies will die."

Although the flaw isn't quite that bad, it poses some serious concerns for IT Security Professionals. The good news is that although Windows 10 builds 1903 and 1909 are both vulnerable, older and newer versions of Windows 10 are not. So if you're running either of the above, patch now to avoid the possibility of seeing your system compromised.

According to the DHS warning:

"Malicious cyber actors are targeting unpatched systems with the new PoC (Proof of Concept) according to recent open-source reports. CISA strongly recommends using a firewall to block SMB ports from the internet and to apply patches to critical- and high-severity vulnerabilities as soon as possible."

Our perspective

Make sure this one's high on your list of priorities.

~ As Hill Street Blues' Sgt. Esterhaus always advised: "Hey, let's be careful out there!" ~

The author

I am Denis Wilson, President and Principal Consultant for DWP Information Architects. I build people / process / technology solutions to create better business outcomes for smaller enterprises in Los Angeles. I have created cost-effective personal service automation solutions for over 20 years, specializing in reliability, cybersecurity, and regulatory compliance. I am also a published author and speaker, working extensively with business and professional associations to provide small business technology education programs.