A newly found flaw in widely used networking software leaves tens of thousands of computers potentially vulnerable to an attack similar to that caused by the recent WannaCry malware, cyber-security researchers warned on Thursday.
Rebekah Brown of Rapid7, a cyber-security firm, told Reuters that there were no signs yet of attackers exploiting the vulnerability in the 12 hours since its discovery was announced.
But she said it had taken researchers only 15 minutes to develop malware that made use of the hole. “This one seems to be very, very easy to exploit,” she said.
Rapid7 said it had found more than 100,000 computers running vulnerable versions of Samba, free networking software developed for Linux and Unix computers.
There are likely to be many more, the company told Reuters in response to emailed questions.
The US Department of Homeland Security on Wednesday announced the vulnerability, which could be exploited to take control of an affected computer, and urged users and administrators to apply a patch.
The vulnerability could potentially be used to create a worm like the one which allowed WannaCry to spread so quickly, infecting more than 300,000 computers worldwide, according to Brown.
Cyber-security researchers have said they believe North Korean hackers were behind the WannaCry malware, which encrypted data on victims’ computers and demanded bitcoin in return for a decryption key.