A NEWLY DISCOVERED VULNERABILITY could be used by a worm similar to the one which spread the WannaCry ransomware earlier this month.
The US Department of Homeland Security said this week that the flaw, in free Linux and Unix networking software Samba, could be exploited to gain control of affected computers. Unlike WannaCry, most of the vulnerable machines belong to home users.
Reuters talked to cybersecurity firm Rapid7, which said that it had found more than 104,000 computers running vulnerable versions of Samba, adding that there could be many more. Almost 90 per cent were running older versions that could not be patched.
Although there are no signs of attackers exploiting Samba yet, Rapid7 said that it had successfully built malware that would do so in just 15 minutes. In a blog post, the firm suggested that some users may be running Samba without realising it.
What's more, Rapid7 also warns that many enterprise backup systems use Samba to send data to NAS or other types of backup servers.
"A direct attack or worm would render those backups almost useless, so if patching cannot be done immediately, we recommend creating an offline copy of critical data as soon as possible," Rapid7's Jen Ellis writes.
The Samba team has released a security update that addresses the flaw in all versions of the programme from 3.5.0 onwards. As a workaround, users can add the parameter ‘nt pipe support = no' to the [global] section of smb.conf, and restart Samba. Doing so prevents clients from accessed any named pipe endpoints. However, this can disable some functionality for Windows clients.
WannaCry is encryption-based ransomware that was spread through an NSA tool called EternalBlue, leaked by the Shadow Brokers hacking group. It became big news for affecting NHS computer systems but spread through many other corporate networks before being brought under control. µ
Could face hefty fines and ban in Russia if it fails to comply
What next?! Self-driving planes... oh wait
It's expected to last for 'a number of weeks'