Microsoft issued an out-of-band security update for a critical SMB bug (CVE-2020-0796) on Thursday.
As some expected, Microsoft on Thursday pushed out a patch for a vulnerability in the SMBv3 protocol that was disclosed earlier this week.
The fix, KB4551762, resolves CVE-2020-0796, a critical vulnerability in Microsoft's SMBv3 implementation. SMB, or Server Message Block, is a network file sharing protocol Windows primarily uses to share files, printers, and serial ports.
The vulnerability, a remote code execution vulnerability, could allow a remote attacker to exploit SMBv3, or 3.1.1, to take control of an affected system.
To exploit the vulnerability against a server, Microsoft says an attacker would just need to send a specially crafted packet to a targeted SMBv3 server. To exploit a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it.
There was concern earlier this week that the bug could be “wormable,” a la the bugs that led to WannaCry, NotPetya, and BlueKeep, after it went unpatched on Tuesday, when Microsoft issued an advisory.
As a workaround, Microsoft's advisory on the vulnerability, ADV200005, initially suggested using a PowerShell script to disable SMBv3 compression, which blocks unauthenticated attackers from exploiting the vulnerability against an SMBv3 server.
Alternatively, Microsoft also suggested that admins block TCP port 445 and prevent SMB traffic from lateral connections.
The vulnerability is present in 32- and 64-bit Windows 10 versions 1903 and 1909 for desktops and servers.
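For admins triaging hosts, here is an added PowerShell example (not from Microsoft or the original article) that reports whether a machine is on an affected version, whether the fix is present, and whether the compression workaround is set. It assumes the `DisableCompression` registry value under the LanmanServer parameters key is the setting Microsoft's ADV200005 script changes, that builds 18362 and 18363 correspond to versions 1903 and 1909, and that KB4551762 raises the build revision to 720.

```powershell
# Added example: audit one host for CVE-2020-0796 exposure.
# Read-only unless -ApplyWorkaround is passed (requires an elevated session).
param([switch]$ApplyWorkaround)

$cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuildNumber   # assumption: 18362 = version 1903, 18363 = version 1909
$ubr   = [int]$cv.UBR                  # update build revision, raised by each cumulative update

$affectedVersion = $build -in 18362, 18363

# Assumption: KB4551762 brings both builds to revision 720. Later cumulative
# updates supersede it, so the revision is a more reliable signal than the KB list.
$patched  = $affectedVersion -and ($ubr -ge 720)
$kbListed = [bool](Get-HotFix -Id 'KB4551762' -ErrorAction SilentlyContinue)

# Workaround state: per the article it protects the SMBv3 server role only.
$smbKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$value  = (Get-ItemProperty -Path $smbKey -Name DisableCompression `
              -ErrorAction SilentlyContinue).DisableCompression
$compressionOff = ($value -eq 1)

# Apply the workaround only where it is actually needed.
if ($ApplyWorkaround -and $affectedVersion -and -not $patched -and -not $compressionOff) {
    Set-ItemProperty -Path $smbKey -Name DisableCompression -Type DWord -Value 1 -Force
    $compressionOff = $true
}

[pscustomobject]@{
    Computer               = $env:COMPUTERNAME
    Build                  = "$build.$ubr"
    AffectedVersion        = $affectedVersion
    PatchedByRevision      = $patched
    KB4551762Listed        = $kbListed
    SmbCompressionDisabled = $compressionOff
    # Server-side exposure only; an unpatched SMB client is still at risk
    # from a malicious server even with compression disabled here.
    ServerExposed          = $affectedVersion -and -not $patched -and -not $compressionOff
}
```

A host reporting `ServerExposed = True` needs either the update or the workaround; one that is unpatched but reports `SmbCompressionDisabled = True` still needs the update to cover the client-side case.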
Experts on Thursday pressed users to either update as soon as possible or apply the workaround.
We just released a patch for CVE-2020-0796 and it is available via all normal channels.
Please update ASAP or use the workaround information in ADV200005 to protect your networks.
— Nate Warfield (@n0x08) March 12, 2020