Executive Summary

Microsoft has recently (10 March 2020) leaked the information of the upcoming patch, which affects only Windows 10 and Windows Server 2016 or maybe other newer versions.

This vulnerability affects Windows 10 and potential Windows Server 2016 and Windows Server 2019. It allows malicious users or hackers to enter the vulnerable servers and workstations to perform any action including malicious attack and ransomware. At the time of drafting this alert, Microsoft has withdrawn a previously leaked information of this vulnerability. The withdrawn information, however, provided only a partial picture and direction of their vulnerability research As Microsoft plans to release a patch in the upcoming March patch update, that means this unpatched vulnerability is NOW at a zero-day (0day) state.

It is highly probable that the open nature of this 0day vulnerability will invite waves of 0day attacks in the coming few days before the official system patch is released. We strongly advice clients to review their current cybersecurity system configurations to prevent any such insidious attackers from entering your valued data assets.

By Mr. Windham Wong, OSCP, OSWE 

#cybersecurity #Microsoft #Windows #windows10 #malicious #ransomware #configurations