Patching Against the Next WannaCry Vulnerability (CVE-2017-8620)

August 21, 2017

This month’s Microsoft patch updates include one particular vulnerability that is raising concerns: CVE-2017-8620, which affects all versions of Windows from 7 onwards. Microsoft explained, “in an enterprise scenario, a remote unauthenticated attacker could remotely trigger the vulnerability through an SMB connection and then take control of a target computer.”

In short, this is a wormable bug affecting all supported versions of Windows. The parallels with the WannaCry and NotPetya vulnerabilities are clear — indeed, Check Point described CVE-2017-8620 as ‘The Next WannaCry Vulnerability’. All that is currently missing is full disclosure of the vulnerability and a usable exploit (WannaCry and NotPetya exploited the leaked NSA exploit known as EternalBlue).

Read More on Security Week