
Newly discovered flaw in networking software can potentially lead to another WannaCry-like attack


While organizations are still reeling from the effects of the widespread WannaCry ransomware attack, security researchers have now discovered a flaw capable of wreaking havoc of a similar magnitude. The vulnerability, which was disclosed by the Department of Homeland Security on Wednesday, has the potential to affect tens of thousands of computers.

The vulnerability has been discovered in Samba, a widely used networking software package that helps Windows PCs connect to Linux servers. Speaking to Reuters, cyber security firm Rapid7 disclosed that more than 100,000 computers run vulnerable versions of the Samba software. The flaw has been assigned the ID CVE-2017-7494 and is described as a ‘remote code execution from a writable share,’ meaning hackers can take control of your system with just a single line of code.

This is just a calculated guess, and more computers could be affected by this exploit, says Rebekah Brown of Rapid7. But this isn’t the firm’s primary concern: it is more worried that the flaw will be exploited to cause widespread panic again, as most users are running unsupported versions whose patch will be delivered late. Some of the systems in this pool belong to organizations and tech giants, while others belong to home users.

If this vulnerability is as lethal as the WannaCry ransomware, which was built on the EternalBlue bug found in the dump of NSA hacking tools released by the Shadow Brokers, then it has the potential to take over around 3 lakh computers across 150 countries, similar to the number of systems affected by that ransomware, which locked Windows PCs (mainly those running Windows 7) and demanded a ransom in Bitcoin to unlock them.

Samba was made aware of the problem about a day ago and has already made a patch available for existing versions. But this situation is similar to the one that plagued Microsoft, whose ramifications came in the form of the WannaCry ransomware attack. Samba also has several unsupported versions, which will need to be patched through an update to prevent even a single hacking attempt. Samba released the following statement via its security advisory:

All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.

A patch addressing this defect has been posted. Additionally, Samba 4.6.4, 4.5.10 and 4.4.14 have been issued as security releases to correct the defect. Samba vendors and administrators running affected versions are advised to upgrade or apply the patch as soon as possible.

You can download the patch for the aforementioned versions, and others can either update their firmware or wait for their security update. You can also apply the workaround provided by the engineers at Samba, which requires you to add the “nt pipe support = no” parameter to the global section of your smb.conf file and restart smbd. It will protect your PC from being accessed by hackers remotely.
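To confirm whether a host still needs attention, the check below combines the version range and security releases quoted from the advisory with a look for the workaround in smb.conf. It is an added example, not code from Samba or Rapid7; the function names and sample configs are hypothetical, and treating series newer than 4.6 as fixed is an assumption.

```python
import re

# Security releases named in the advisory quoted above, keyed by release series.
FIXED = {(4, 6): 4, (4, 5): 10, (4, 4): 14}
FALSE_WORDS = {"no", "false", "off", "0"}  # smb.conf boolean spellings for "disabled"

def version_affected(version):
    """True if an upstream version string falls in the range the advisory lists.
    Vendor packages may backport the patch without changing these numbers."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError("unrecognised version: %r" % version)
    major, minor, patch = (int(x) for x in m.groups())
    if (major, minor, patch) < (3, 5, 0):
        return False
    if (major, minor) in FIXED:
        return patch < FIXED[(major, minor)]
    # Assumption: series newer than 4.6 were branched after the fix.
    return (major, minor) < (4, 6)

def workaround_set(conf_text):
    """True if an explicit [global] section sets 'nt pipe support' to a false value.
    Files pulled in through 'include' are not followed."""
    section, value = None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, val = line.split("=", 1)
            # Samba ignores case and whitespace inside parameter names.
            if "".join(name.split()).lower() == "ntpipesupport":
                value = val.strip().lower()  # a later setting overrides an earlier one
    return value in FALSE_WORDS

def exposed(version, conf_text):
    """Host still needs action: affected version and no workaround in place."""
    return version_affected(version) and not workaround_set(conf_text)

# Constructed sample configs, not taken from any real host.
MITIGATED = "[global]\n   workgroup = EXAMPLE\n   NT Pipe Support = No\n[share]\n   writable = yes\n"
UNMITIGATED = MITIGATED.replace("   NT Pipe Support = No\n", "")

if __name__ == "__main__":
    for ver, conf in (("4.5.9", UNMITIGATED), ("4.5.9", MITIGATED), ("4.5.10", UNMITIGATED)):
        print(ver, "needs action" if exposed(ver, conf) else "ok")
```

A version reported as affected may already carry a vendor backport of the patch, so treat the result as a prompt to check the package changelog, not as proof of exposure.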