Microsoft issued an out-of-band security update for a critical SMB bug (CVE-2020-0796) on Thursday.
As some expected, Microsoft on Thursday pushed out a patch for a vulnerability in the SMBv3 protocol that was disclosed earlier this week.
The fix, KB4551762, resolves CVE-2020-0796, a critical vulnerability in Microsoft's SMBv3 implementation. SMB, or Server Message Block, is a network file sharing protocol Windows primarily uses to share files, printers, and serial ports.
The flaw, a remote code execution vulnerability, could allow a remote attacker to exploit SMBv3, or 3.1.1, to take control of an affected system.
To exploit the vulnerability against a server, Microsoft says an attacker would just need to send a specially crafted packet to a targeted SMBv3 server. To exploit a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it.
The bug went unpatched on Tuesday, when Microsoft issued an advisory, and there was concern earlier this week that, if exploited, it could be “wormable” a la the bugs that led to WannaCry, NotPetya, and BlueKeep.
As a workaround, Microsoft's advisory on the vulnerability, ADV200005, initially suggested using a PowerShell script to disable SMBv3 compression, which blocks unauthenticated attackers from exploiting the vulnerability against an SMBv3 server.
Alternatively, Microsoft also suggested admins block TCP port 445 and prevent SMB traffic from lateral connections.
The vulnerability is present in 32- and 64-bit Windows 10 versions 1903 and 1909 for desktops and servers.
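For admins who need to confirm where a host stands, the following read-only PowerShell check is an added example, not code from Microsoft or from this article. It reports whether the host runs an affected version, whether KB4551762 is recorded as installed, and whether the compression workaround is set. The registry paths and the `DisableCompression` and `ReleaseId` value names are assumptions taken from Microsoft's own documentation rather than from this page.

```powershell
# Added example: audit one Windows host for the CVE-2020-0796 fix and workaround.
# Read-only: nothing on the host is changed.
$kb       = 'KB4551762'      # fix named in the article
$affected = '1903', '1909'   # Windows 10 versions named in the article

# Registry locations below are assumptions (not given in the article).
$cvKey   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$smbKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

$release = (Get-ItemProperty -Path $cvKey).ReleaseId

# The workaround is a DWORD set to 1; a missing value means compression is still on.
$smb = Get-ItemProperty -Path $smbKey -Name DisableCompression -ErrorAction SilentlyContinue
$compressionOff = ($null -ne $smb) -and ($smb.DisableCompression -eq 1)

# Get-HotFix only matches updates recorded under this exact ID. A later
# cumulative update also carries the fix, so a miss means "verify", not "vulnerable".
$hotfix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue

$status = if ($affected -notcontains $release) {
    'Not an affected version'
} elseif ($hotfix) {
    'Patched'
} elseif ($compressionOff) {
    'Workaround only (protects the SMB server role)'
} else {
    'Verify patch level'
}

[pscustomobject]@{
    Computer            = $env:COMPUTERNAME
    ReleaseId           = $release
    HotfixRecorded      = [bool]$hotfix
    CompressionDisabled = $compressionOff
    Status              = $status
}
```

A host reporting "Workaround only" still needs the update, since the article describes the workaround as blocking exploitation against an SMBv3 server, not a client.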
Experts on Thursday pressed users to either update as soon as possible or apply the workaround.
We just released a patch for CVE-2020-0796 and it is available via all normal channels.
Please update ASAP or use the workaround information in ADV200005 to protect your networks.
— Nate Warfield (@n0x08) March 12, 2020