The vulnerability impacts Windows 10 and Windows Server, including the latest builds, and possibly also earlier versions of Windows, considering SMBv3 was introduced in Windows 8 and Windows Server 2012. The danger here is that an attacker could abuse the bug by sending a specially crafted packet to an SMBv3 server. What makes this even more grave is that such an attack can spread from one victim to another. Remote attackers can gain full system control via this attack vector.
At the moment, there is no fix from Microsoft. The software giant does offer some mitigation advice: disable SMBv3 compression and block TCP port 445 until there's a fix.
"An attacker could exploit this bug by sending a specially crafted packet to the target SMBv3 server, which the victim needs to be connected to," Cisco Talos explained in its Microsoft Patch Tuesday report, in a passage that the Talos security experts later removed.
"The exploitation of this vulnerability opens systems up to a 'wormable' attack, which means it would be easy to move from victim to victim," they added.
CVE-2020-0796 - a "wormable" SMBv3 vulnerability.
— MalwareHunterTeam (@malwrhunterteam) March 10, 2020
Great...
Via: BleepingComputer