Back in March, Microsoft rushed out a Windows update that caused all sorts of problems for users, but one thing was sure: its intentions were good. The vulnerability it addressed, SMBGhost, is known by many names, and it is exploited through the Microsoft Server Message Block protocol, SMB (not just the old version, but the newer versions as well). Whatever name it goes by, it can get malware installed on your computer without you even knowing, and from there spread across your entire network. The worst part? You don’t have to do anything at all; the whole attack is carried out remotely, and your system ends up under remote control as well.
What is this Exploit?
The exploit is popularly known as SMBGhost, but it also goes by names such as CoronaBlue, NexternalBlue, BluesDay, DeepBlue 3, Redmond Drift, and a few others. It is very much like the earlier exploit malware known as WannaCry (as a matter of fact, it injects the same virus into a person’s computer). It is said to affect systems running Windows 10 versions 1903 and 1909, but there is proof in many places that it also affects installations of the Windows development build (part of the Windows Developer Program), version 2004.
Fortunately, Microsoft has already released a patch for versions 1903 and 1909, but not for the development build. This is a severe flaw, though, and it can’t be left unprotected. The other downside is that the emergency update KB 4551762 was causing many problems on people’s computers: processor and disk usage skyrocketing (slowing their computers down), trouble installing, the dreaded “black screen of death” appearing again before the Windows login, and even complete computer crashes. Some people also get the blue screen of death (known as a system failure or hard-drive failure) after installing the update, which has forced many users to remove the patch.
If an Update is Useless, What Now?
Many antivirus and internet security programs work quite well at blocking these attacks and cutting them off at the source. However, just because some people haven’t noticed these attacks and exploits being used doesn’t mean their systems aren’t vulnerable. There are also several ways people can reduce the possibility of an attack to a certain extent on their own, or have their managed service provider do it for them.
One way is to block port 445 altogether, for both incoming and outgoing traffic. You also need to make sure your system blocks anything that allows remote desktop connections, although this can be a downside for businesses that rely on them. The other option is to have your IT company install extra security measures and even provide some local cloud hosting, so you can be sure all of your pertinent data is safe.
You can try to install the Windows update, and if you are running version 2004, you can roll it back (as long as it’s within two weeks). If you have gone past that time limit, you’ll have to do a completely fresh install of Windows 10 version 1909 or 1903 to remove the development build, and then make sure you’re disconnected from the Windows Insider program.
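As an added example (not code from the original post), here is a PowerShell script that carries out the checks and the port-445 block described above: it reads the Windows 10 build number, checks whether the KB 4551762 update is present, and creates inbound and outbound firewall rules for TCP 445. The function and rule names are this script’s own choices, and the optional compression switch applies Microsoft’s published SMBv3 workaround (advisory ADV200005), which the post itself does not mention.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the original post. Assumes an elevated PowerShell
# session on Windows 10. Rule names, function names and the -DisableSmbCompression
# switch are this script's own choices.
param(
    # Opt-in extra hardening: Microsoft's published SMBv3 compression workaround
    # (advisory ADV200005), which the post itself does not mention.
    [switch]$DisableSmbCompression
)

# Windows 10 releases the post names as affected, keyed by their build number.
$AffectedBuilds = @{ 18362 = '1903'; 18363 = '1909'; 19041 = '2004' }

function Test-SmbGhostExposure {
    $cv      = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build   = [int]$cv.CurrentBuildNumber
    $release = $AffectedBuilds[$build]
    if (-not $release) {
        Write-Host "Build $build is not one of the releases named in the post (1903/1909/2004)."
        return $false
    }
    # KB 4551762 is the emergency update the post refers to.
    $patched = [bool](Get-HotFix -Id 'KB4551762' -ErrorAction SilentlyContinue)
    Write-Host "Windows 10 $release (build $build); KB4551762 installed: $patched"
    return (-not $patched)
}

function Block-SmbPort445 {
    # Inbound rules match the local port, outbound rules the remote port.
    # Note: this also breaks ordinary Windows file sharing, as the post warns.
    foreach ($dir in 'Inbound', 'Outbound') {
        $name = "Block SMB TCP 445 $dir (SMBGhost mitigation)"
        if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) { continue }
        $port = if ($dir -eq 'Inbound') { @{ LocalPort = 445 } } else { @{ RemotePort = 445 } }
        New-NetFirewallRule -DisplayName $name -Direction $dir -Protocol TCP `
            -Action Block -Profile Any -Enabled True @port | Out-Null
        Write-Host "Created firewall rule: $name"
    }
}

function Disable-SmbCompression {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    Set-ItemProperty -Path $key -Name 'DisableCompression' -Type DWord -Value 1 -Force
    Write-Host 'SMBv3 compression disabled (ADV200005 workaround).'
}

if (Test-SmbGhostExposure) {
    Block-SmbPort445
    if ($DisableSmbCompression) { Disable-SmbCompression }
}
```

Run it as `.\Mitigate-SmbGhost.ps1` from an elevated prompt, adding `-DisableSmbCompression` only if you also want the registry workaround applied.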
SMBGhost and the Final Conclusion: Fixing Software
One of the biggest problems people have had with the SMBGhost exploit involves Microsoft Excel and the other Microsoft Office programs. These programs are top-rated and are found in almost every business in some way, shape, or form. Even companies full of Mac computers may have some Microsoft Office programs installed. And with the current trend, Windows Phones and other phones with Microsoft Office have this problem too.
However, if you keep your software up to date and follow the advice above, your chances of being infected by SMBGhost are significantly reduced. Also, make sure you hire an excellent team of IT and VoIP specialists to give you the best security possible, and you’ll be just fine!