Windows 10 vulnerable to dangerous 'worm' attack — DHS urges you to patch your PC ASAP

If you haven't patched your Windows systems since March 10, better do so now, warns the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency.

That's because new proof-of-concept code was released last week that exploits a flaw -- known as SMBGhost or, um, Eternal Darkness -- in the Server Message Block (SMB) protocol that Microsoft patched March 12, two days after its regular March Patch Tuesday round. 

The flaw affects Windows 10 builds 1903 and 1909, but older or newer versions of Windows 10 are not vulnerable. A truly successful exploit of SMBGhost would create an unrestricted "worm" that could spread through the internet on its own, similar to the WannaCry ransomware worm of 2017.

"Malicious cyber actors are targeting unpatched systems with the new PoC [proof-of-concept], according to recent open-source reports," the CISA advisory, released June 5, warns. "CISA strongly recommends using a firewall to block SMB ports from the internet and to apply patches to critical- and high-severity vulnerabilities as soon as possible."

This isn't the first proof-of-concept to exploit the SMBGhost flaw, and it doesn't even work that well yet. But it permits fairly consistent remote code execution, i.e., hacking over the internet, which puts it one step closer to a worldwide worm. 

"This has not been tested outside of my lab environment. It was written quickly and needs some work to be more reliable," wrote the proof-of-concept's developer, who calls herself Chompie, in a GitHub posting. "Using this for any purpose other than self-education is an extremely bad idea. Your computer will burst in flames. Puppies will die."

Chompie provided a video demonstrating the exploit, in which a Mac uses it to hack a PC.

Will Dormann, a vulnerability analyst at the Pentagon-funded CERT Coordination Center at Carnegie Mellon University in Pittsburgh, said that Chompie's exploit code was "not completely reliable, but ... does indeed work!"

The very fact that even partly working network-jumping exploits of SMBGhost are out there -- and that bad guys may be using it, per CISA -- means that any Windows 10 1903 or 1909 build that hasn't installed the March patch is vulnerable to attack from the internet.

The solution, obviously, is to install the stand-alone patch that Microsoft issued March 12. You could also just upgrade to Windows 10 build 2004, which is being rolled out to PCs now. And, if you can, set your firewall to externally block port 445. (We've got instructions here.)
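As an added example (not from the article), the following PowerShell run from an elevated prompt checks whether the host is one of the two builds named above and, if so, adds a Windows Firewall rule that blocks inbound TCP 445 from Internet addresses while leaving local-subnet file sharing alone; the rule name is a made-up label, and the rule is a stopgap, not a substitute for the March patch.

```powershell
# Added example, not the article's own instructions. Windows 10 1903 is build 18362
# and 1909 is build 18363; anything else is reported as not in the article's list.
$affected = @{ 18362 = '1903'; 18363 = '1909' }
$build = [System.Environment]::OSVersion.Version.Build

if ($affected.ContainsKey($build)) {
    Write-Host "Windows 10 $($affected[$build]) (build $build): listed as affected by SMBGhost"

    # Hypothetical rule name chosen for this example.
    $ruleName = 'Block inbound SMB (TCP 445) from Internet'
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        # -RemoteAddress Internet is the built-in keyword for non-local address ranges,
        # so SMB from the local subnet (printers, NAS, domain controllers) keeps working.
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
            -LocalPort 445 -RemoteAddress Internet -Action Block -Profile Any | Out-Null
        Write-Host "Added firewall rule '$ruleName'"
    } else {
        Write-Host "Firewall rule '$ruleName' is already present"
    }
} else {
    Write-Host "Build $build is not one of the builds the article lists (1903/1909)"
}

# Show the port filter attached to the rule and whether anything is listening on 445.
Get-NetFirewallRule -DisplayName 'Block inbound SMB*' -ErrorAction SilentlyContinue |
    Get-NetFirewallPortFilter | Format-Table Protocol, LocalPort, RemoteAddress
Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue |
    Format-Table LocalAddress, LocalPort, OwningProcess
```

Installing the March 12 update remains the actual fix; this rule only reduces exposure from the internet until that update is applied.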

In theory, you ought to install all Microsoft security patches as soon as they are issued. But that often creates its own set of problems, especially for enterprises with dozens or hundreds of PCs being patched at once.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.
