Microsoft has unintentionally revealed the existence of a wormable vulnerability in the SMBv3 protocol during its Patch Tuesday release, but without shipping a patch for the flaw, leaving all recent installations vulnerable.
Systems affected by CVE-2020-0796 include Windows 10 v1903, Windows 10 v1909, Windows Server v1903, and Windows Server v1909.
It is suspected that Microsoft was planning to release a patch this Patch Tuesday but pulled it at the last minute, while still including details of the flaw in its Microsoft API, which some antivirus vendors scrape and then publish. That API is currently down, and vendors such as Cisco Talos who published details have since deleted their reports.
SMB is the same protocol exploited by the WannaCry and NotPetya ransomware, but fortunately, on this occasion, no exploit code has been released.
Full details of the flaw have not been published, but it is understood to be a buffer overflow in the Microsoft SMB Server that occurs “…due to an error when the vulnerable software handles a maliciously crafted compressed data packet.” Security firm Fortinet notes “a remote, unauthenticated attacker can exploit this to execute arbitrary code within the context of the application.”
No patch has been released, but some mitigation is available.
In their since-removed advisory, Cisco Talos advised:
“Users are encouraged to disable SMBv3 compression and block TCP port 445 on firewalls and client computers.”
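The following PowerShell is an added example of applying and then verifying the two mitigations quoted above on a single host; it is not from the article, Microsoft or Cisco Talos. It assumes the `DisableCompression` DWORD under `LanmanServer\Parameters` is the registry switch Microsoft later documented for turning off SMBv3 compression (the article does not name the key), that the affected releases correspond to OS builds 18362 (1903) and 18363 (1909), and that the rule name and function names are the author's own choices.

```powershell
# Added example (not part of the article): apply and verify the CVE-2020-0796
# workarounds quoted from Cisco Talos. Run from an elevated PowerShell session.
# Assumption: DisableCompression=1 under LanmanServer\Parameters disables SMBv3
# compression; this key is taken from Microsoft's later guidance, not the page.

$paramsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$ruleName  = 'Block inbound SMB TCP 445 (CVE-2020-0796 workaround)'   # hypothetical name

function Test-AffectedBuild {
    # Assumption: 1903 = build 18362, 1909 = build 18363 (both client and server SKUs).
    $build = [System.Environment]::OSVersion.Version.Build
    return ($build -in 18362, 18363)
}

function Disable-SmbCompression {
    # Stops the SMB server from negotiating compression, removing the code path
    # the article says handles the "maliciously crafted compressed data packet".
    Set-ItemProperty -Path $paramsKey -Name 'DisableCompression' -Type DWord -Value 1 -Force
}

function Test-SmbCompressionDisabled {
    $value = (Get-ItemProperty -Path $paramsKey -Name 'DisableCompression' `
              -ErrorAction SilentlyContinue).DisableCompression
    return ($value -eq 1)
}

function Block-InboundSmb {
    # Idempotent: create the host-firewall rule only if it does not already exist.
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
            -LocalPort 445 -Action Block -Profile Any | Out-Null
    }
}

function Test-InboundSmbBlocked {
    $rule = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
    return ($null -ne $rule -and $rule.Enabled -eq 'True' -and $rule.Action -eq 'Block')
}

if (-not (Test-AffectedBuild)) {
    Write-Warning "Build $([System.Environment]::OSVersion.Version.Build) is not one of the listed affected releases; applying workarounds anyway."
}

Disable-SmbCompression
Block-InboundSmb

# Report the resulting state so the change can be recorded or fed to an inventory tool.
[pscustomobject]@{
    ComputerName           = $env:COMPUTERNAME
    OSBuild                = [System.Environment]::OSVersion.Version.Build
    SmbCompressionDisabled = Test-SmbCompressionDisabled
    InboundSmb445Blocked   = Test-InboundSmbBlocked
} | Format-List
```

Two caveats a practitioner would want before rolling this out: blocking TCP 445 at the host firewall also breaks legitimate inbound file and printer sharing to that machine, so it suits workstations and internet-facing hosts better than file servers, where perimeter blocking of 445 is the more realistic control; and disabling compression protects only the SMB server side of a host, not an SMB client that connects to a hostile server, so it is a stop-gap until the vendor patch ships rather than a substitute for it.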