Between Conficker and WannaCry, there was a nearly a decade when network worms went dark.
WannaCry changed that, riding into enterprises globally on the coattails of a leaked nation-state exploit. In the months since the May 12 ransomware attack, vendors, researchers and network admins have been on edge looking in corners and under couches for wormable bugs.
Last week’s Patch Tuesday updates from Microsoft included a critical Windows Search vulnerability that, in some corners, has raised eyebrows as to whether this is the next big one. All the pieces are there for someone to build a wormable exploit, but can it be done in a similar timeframe to WannaCry, and without an available NSA exploit, for example?
Full Article.
