STE WILLIAMS

Thought you were done after Tuesday’s 115-fix day? Not yet: Microsoft emits crisis SMBv3 worm-cure patch

Microsoft has released an out-of-band emergency patch for a wormable remote-code execution hole in SMBv3, the Windows network file system protocol.

On Thursday morning, Redmond emitted the update to Server Message Block 3.1.1 to kill off a critical flaw, word of which leaked out inadvertently this week.

Designated CVE-2020-0796, the bug can be exploited by an unauthenticated attacker to execute malicious code, at administrator level, on an unpatched system simply by sending the targeted system specially crafted compressed data packets. A hacker thus just needs to reach a vulnerable machine on the internet or network to fully compromise it.

32-bit and 64-bit systems running Windows 10 v1903, Windows 10 v1909, Windows Server v1903, and Windows Server v1909 need to get patched right now. This flaw is wormable, in that once a box has been hijacked, it can automatically seek out more victims to infect and spread across the globe.

“While we have not observed an attack exploiting this vulnerability, we recommend that you apply this update to your affected devices with priority,” Microsoft says of the update.

The SMB bug fix was a late addition to Microsoft’s March edition of Patch Tuesday – after the security hole was accidentally disclosed by the Cisco Talos research team in a blog post recapping this month’s updates: Cisco thought Microsoft had fixed the bug this week as part of March’s Patch Tuesday, and alerted the world to the bug’s presence to get people to install their updates. In reality, Microsoft hoped to patch the hole later this year, no patch was available, and now everyone knew there was a hole in the compression part of the SMBv3 code.

The revelation sent Microsoft scrambling to post a fix for the flaw just hours after it had emitted updates for 115 other CVE-listed security vulnerabilities.

Designed to allow shared access to files, printers, and hardware ports, SMBv3 is a network protocol included in desktop and server editions of Windows. The bug was particularly nasty as it did not require user interaction and thus could have been exploited by a worm to spread over an entire network.

“If you are running Windows 10, versions 1903/1909 or Windows Server, version 1903/1909 and have automatic updates enabled, you are automatically protected and do not need to take any further action,” Microsoft said.

“If you are managing updates on behalf of your organization, you should download the latest updates from the Microsoft Security Update Guide and apply those updates to your Windows.” ®

Article source: https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/12/smb_patch_microsoft/
