SMB
New GhostLock tool abuses Windows API to block file access
A security researcher has released a proof-of-concept tool named GhostLock that demonstrates how a legitimate Windows file API can be abused in attacks to block access to files stored locally or on SMB network shares. This technique, created by Kim Dvash of Israel Aerospace Industries, abuses the Windows ‘CreateFileW‘ API and file-sharing modes to prevent other users and […]
Microsoft says Windows September updates break SMBv1 shares
Microsoft has confirmed that the September 2025 Windows security updates are causing connection issues to Server Message Block (SMB) v1 shares. The list of platforms affected by this known issue is quite extensive, as it includes both client (Windows 11 24H2/23H2/22H2 and Windows 10 22H2/21H2) and server (Windows Server 2025 and Windows Server 2022) platforms. […]
QNAP patches second zero-day exploited at Pwn2Own to get root
QNAP has released security patches for a second zero-day bug exploited by security researchers during last week’s Pwn2Own hacking contest. This critical SQL injection (SQLi) vulnerability, tracked as CVE-2024-50387, was found in QNAP’s SMB Service and is now fixed in versions 4.15.002 or later and h4.15.002 and later. The zero-day flaw was patched one week after […]