
Digital Guardian's Blog

Microsoft Patches SMBv3 Bug

by Chris Brook on Thursday March 12, 2020


Microsoft issued an out-of-band security update for a critical SMB bug (CVE-2020-0796) on Thursday.

As some expected, Microsoft on Thursday pushed out a patch for a vulnerability in the SMBv3 protocol that was disclosed earlier this week.

The fix, KB4551762, resolves CVE-2020-0796, a critical vulnerability in Microsoft's SMBv3 implementation. SMB, or Server Message Block, is a network file sharing protocol Windows primarily uses to share files, printers, and serial ports.

The vulnerability, a remote code execution vulnerability, could allow a remote attacker to exploit SMBv3, or 3.1.1, to take control of an affected system.

To exploit the vulnerability against a server, Microsoft says an attacker would just need to send a specially crafted packet to a targeted SMBv3 server. To exploit a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it.

The bug went unpatched on Tuesday, when Microsoft issued an advisory, and there was concern earlier this week that, if exploited, it could be “wormable,” a la the bugs that led to WannaCry, NotPetya, and BlueKeep.

As a workaround, Microsoft's advisory on the vulnerability, ADV200005, initially suggested using a PowerShell script to disable SMBv3 compression, which blocks unauthenticated attackers from exploiting the vulnerability against an SMBv3 server.

Alternatively, Microsoft also suggested admins block TCP port 445 and prevent SMB traffic from lateral connections.

The vulnerability is present in 32- and 64-bit Windows 10 versions 1903 and 1909 for desktops and servers.

Experts on Thursday pressed users to either update as soon as possible or apply the workaround.
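The checks described above (affected version, the KB4551762 fix, the compression workaround, inbound TCP 445) gathered into one host audit, as an added PowerShell example that is not part of the original post and not Microsoft's script. The `DisableCompression` registry value is the setting from Microsoft's ADV200005 guidance and is not quoted in the article; the `-ApplyWorkaround` switch and the output field names are chosen for this example.

```powershell
# Added example: audit one Windows host for CVE-2020-0796 exposure.
# Read-only unless -ApplyWorkaround is given; run from an elevated prompt.
param([switch]$ApplyWorkaround)

$AffectedReleases = '1903', '1909'   # Windows 10 versions named in the article
$PatchKb          = 'KB4551762'      # fix named in the article
# SMB server parameters key holding the compression switch (per ADV200005 guidance).
$SmbParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Test-SmbCompressionDisabled {
    # True only when the value exists and is set to 1.
    $p = Get-ItemProperty -Path $SmbParams -Name DisableCompression -ErrorAction SilentlyContinue
    return ($null -ne $p -and $p.DisableCompression -eq 1)
}

$release = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').ReleaseId
$inScope = $AffectedReleases -contains $release

# Get-HotFix matches this exact KB only. A later cumulative update that
# supersedes it will not be listed under this ID, so treat $false as
# "verify the installed build", not as proof the host is unpatched.
$kbListed  = [bool](Get-HotFix -Id $PatchKb -ErrorAction SilentlyContinue)
$mitigated = Test-SmbCompressionDisabled

if ($ApplyWorkaround -and $inScope -and -not $kbListed -and -not $mitigated) {
    # Server-side workaround: protects the SMBv3 server role, not SMB clients.
    Set-ItemProperty -Path $SmbParams -Name DisableCompression -Type DWord -Value 1 -Force
    $mitigated = Test-SmbCompressionDisabled
}

# Enabled inbound allow rules in the local Windows firewall that cover TCP 445.
$smbRules = @(Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains '445' } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' })

[pscustomobject]@{
    Computer            = $env:COMPUTERNAME
    ReleaseId           = $release
    AffectedRelease     = $inScope
    KbListed            = $kbListed
    CompressionDisabled = $mitigated
    InboundAllow445     = $smbRules.Count
    NeedsAction         = ($inScope -and -not $kbListed -and -not $mitigated)
}
```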


Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.