Microsoft accidentally reveals Windows SMBv3 has wormable bug

Posted on Wednesday, March 11 2020 @ 11:50 CET by Thomas De Maesschalck
MsFT logo
Together with the release notes of this month's dose of Patch Tuesday, Microsoft accidentally revealed that there's a serious security vulnerability in the Server Message Block 3.0 (SMBv3) network communication protocol.

The vulnerability impacts Windows 10 and Windows Server, including the latest builds, and possibly also earlier versions of Windows considering SMBv3 was introduced in Windows 8 and Windows Server 2012. The danger here is that an attacker could abuse the bug by sending a specially crafted packet to an SMBv3 server. What makes this even more grave is that such an attack can spread from one victim to another. Remote attackers can gain full system control via this attack vector.

At the moment, there is no fix from Microsoft. The software giant does offer some mitigation advice. You can disable SMBv3 compression and block TCP port 445 until there's a fix.
"An attacker could exploit this bug by sending a specially crafted packet to the target SMBv3 server, which the victim needs to be connected to," Cisco Talos explained in their Microsoft Patch Tuesday report — this was later removed by the Talos security experts.

"The exploitation of this vulnerability opens systems up to a 'wormable' attack, which means it would be easy to move from victim to victim," they also added.

Via: BleepingComputer

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments