CVE-2022-24508 Windows SMBv3 Client/Server Remote Code Execution Vulnerability.

CVE-2022-24508 Windows SMBv3 Client/Server Remote Code Execution Vulnerability.

If you use Windows as a server, you should patch your OS immediately, even if it’s not running any critical applications. The same goes for Linux-based servers. The SMBv3 protocol is very insecure, and it’s recommended that you use another protocol like NFS instead. Please note that this issue is only painful if you run a server. In case of a client, no action is required. Microsoft released a patch for this issue on March 28. Unfortunately, in most cases the patch is not being applied because of compatibility issues with some applications. Let’s take a look at two such applications, and how you can protect them against the vulnerability. VLC Media Player and Transmission Both of these applications are very popular, and they’re used on many servers. These servers are vulnerable to this issue, as they don’t have the necessary patch applied. Therefore, if you run a server, make sure that the server is patched against the vulnerability.

VLC Media Player

VLC Media Player is a very popular media player on Windows and Linux. It’s recommended that you use VLC as your media player, and it should be running the latest version of the software. This will prevent this issue from happening again. You can also protect yourself with a firewall to prevent attackers from getting in to your system, but for servers, it’s not necessary.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe