The Department of Homeland Security’s cybersecurity advisory division has warned Windows 10 users of a possible wave of cyberattacks following the recent publication of exploit code.
The Cybersecurity and Infrastructure Security Agency (CISA) said there is publicly available and functional proof-of-concept (PoC) code that exploits CVE-2020-0796 in unpatched systems.
A GitHub user published the proof-of-concept exploit code Monday. On unpatched systems, the code potentially could spread to millions of computers. In the hands of malicious actors, the losses could be massive, with estimates ranging from billions to tens of billions of dollars.
Although Microsoft disclosed and provided updates for this vulnerability in March 2020, malicious cyber actors are targeting unpatched systems with the new PoC, according to recent open-source reports.
CISA strongly recommends using a firewall to block SMB ports from the internet and applying patches for critical- and high-severity vulnerabilities as soon as possible.