Microsoft urgently fixes the flaw in SMBv3

Read Time:1 Minute, 14 Second

Despite the Tuesday patch, Microsoft has just urgently released a patch for the flaw in SMBv3.

Microsoft to publish

Microsoft’s response was quick, urgently releasing a patch for the vulnerability found in the Server Message Block (SMBv3) protocol. It allows the sharing of resources on local networks with Windows PCs. The flaw was inadvertently released by Microsoft and raised concerns that it could be exploited.

CVE-2020-0796 addresses how SMBv3 handles certain requests. An unauthenticated attacker can exploit the flaw by sending a crafted packet to the vulnerable SMBv3 server. The goal for the cybercriminal is to gain complete control of the compromised system and execute malicious code. Note that this flaw mainly affects users of Windows 10 and Server Core in versions 1903 and 1909.

A minimum fix

Hotfix KB4551762 which was released urgently should address the concerns. Earlier this week, the publisher advised disabling compression for SMBv3 and blocking TCP port 445 at the perimeter firewall. The Redmond firm specifies that this patch prevents exploitation on the server side, but does not guarantee protection on vulnerable SMB clients. Knowing that to exploit an SMB client, the attacker would have to set up a malicious SMB server and convince users to connect to it.

A flaw in the SMB protocol awakens bad memories, as it was the source of the EternalBlue exploit (from the NSA) used in the Wannacry and NotPetya campaign. It is therefore not surprising that the researchers have nicknamed the vulnerability affecting SMBv3, EternalDarkness.

Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
0 %
Cyberattack Disrupts Gasoline Distribution In Iran Previous post Cyberattack disrupts gasoline distribution in Iran
When Linus Torvalds Rails Against The 80 Character Limit Next post When Linus Torvalds rails against the 80-character limit