Today, Microsoft released a patch for a vulnerability with worm potential in the SMBv3 protocol, after security professionals were warned about it this week. Earlier, we reported that the first March “update Tuesday” did not include a patch for the vulnerability CVE-2020-0796, information about which Cisco Talos and Fortinet experts mistakenly published in the public domain.
CVE-2020-0796 affects SMBv3; Windows 10 v1903, Windows 10 v1909, Windows Server v1903 and Windows Server v1909 are vulnerable to the bug. Let me remind you that the SMB protocol helped WannaCry and NotPetya spread around the world a few years ago.
Kryptos Logic experts have already estimated that about 48,000 hosts that have an open SMB port and are vulnerable to potential attacks using the new bug can be found on the Internet.
“We’ve just finished our first internet wide scan for CVE-2020-0796 and have identified 48000 vulnerable hosts. We’ll be loading this data into Telltale for CERTs and organisations to action. We’re also working on a blog post with more details (after patch)”, wrote Kryptos Logic experts.
According to Fortinet, the vulnerability is a buffer overflow in Microsoft SMB servers. The problem is reported to occur when the vulnerable software processes a maliciously crafted packet of compressed data.
A remote, unauthenticated attacker can use this to execute arbitrary code in the context of the application. A similar description of the problem was published on the Cisco Talos blog and then removed. The company claimed that “exploiting the vulnerability opens up systems for attacks with worm potential”, meaning the problem could easily spread from one victim to another.
Today it became known that due to this accidental leak of information, Microsoft engineers were forced to urgently prepare a patch. The hotfix is available as KB4551762 for Windows 10, versions 1903 and 1909, as well as Windows Server 2019 versions 1903 and 1909.
“While Microsoft was not initially planning to release fixes this month, the company was eventually forced to push today’s patch after the cat was out of the bag. The fix is available as KB4551762, an update for Windows 10, versions 1903 and 1909, and Windows Server 2019, versions 1903 and 1909”, writes ZDNet.
ZDNet journalists also noted that the fix arrived just in time, as several information security researchers had already reported that it took them only a few minutes to find the bug in the SMB driver code. Some experts even developed basic PoC exploits and published examples of their use.