Bitvise Winsshd 848 Exploit Updated -

: The primary fix is to upgrade to Bitvise SSH Server version 9.32 or newer, which implements Strict Key Exchange . Security and Functional Fixes in Version 8.48

: Use the BssCfg utility or the Control Panel to disable ChaCha20-Poly1305 and any MAC algorithms ending in -etm . bitvise winsshd 848 exploit

If you cannot immediately upgrade from version 8.48, you can reduce your attack surface by following the Bitvise Security Guide : : The primary fix is to upgrade to

: In previous versions, if an SCP upload encountered a write error or failed to set file time, the file transfer subsystem would abort abruptly. Version 8.48 corrected this to ensure errors are reported properly without crashing the subsystem. Version 8

Version 8.48 was released on May 24, 2021, and primarily focused on improving reliability and fixing edge-case crashes: