[Update March 12, 2020] Microsoft released patches for the affected systems: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796

SMB has been a targeted protocol several times already, and it is back on stage today with a new CVE: CVE-2020-0796. This time, version 3 of the protocol is affected by a remote code execution vulnerability. Microsoft has enhanced the SMB protocol multiple times and added more features. The one targeted today seems to be data compression. At this time, Microsoft has not released information and no patch is available.

What do we know?

Affected Windows versions:
The victim's computer can be compromised when it exposes a vulnerable SMBv3 resource in the wild, but a client might also be affected just by visiting a malicious SMBv3 server. Both clients and servers are affected!

How to protect your resources?
The PowerShell workaround is:

`Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force`

We will continue to update this diary based on the information collected.

[1] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200005

Xavier Mertens (@xme)
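
One way to confirm that the workaround above is actually in place on a host, and to apply it only where it is missing. This is an added example, not part of the original diary or of Microsoft's advisory; the function names `Get-SmbCompressionWorkaround` and `Set-SmbCompressionWorkaround` are hypothetical.

```powershell
# Added example: audit and (optionally) apply the DisableCompression workaround.
# Registry path and value name are the ones used in the diary's command.
$SmbServerParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-SmbCompressionWorkaround {
    [CmdletBinding()]
    param([string]$Path = $SmbServerParams)

    # An absent value returns nothing: the workaround was never applied.
    $item = Get-ItemProperty -Path $Path -Name DisableCompression -ErrorAction SilentlyContinue
    $present = $null -ne $item

    $value = $null
    $kind  = $null
    if ($present) {
        $value = $item.DisableCompression
        # Check the stored type as well, so a value written as a string is flagged.
        $kind  = (Get-Item -Path $Path).GetValueKind('DisableCompression')
    }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        Present          = $present
        Value            = $value
        Kind             = $kind
        WorkaroundActive = ($kind -eq 'DWord' -and $value -eq 1)
    }
}

function Set-SmbCompressionWorkaround {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Path = $SmbServerParams)

    # Idempotent: write only when the audit says the workaround is not active.
    if (-not (Get-SmbCompressionWorkaround -Path $Path).WorkaroundActive) {
        if ($PSCmdlet.ShouldProcess($Path, 'Set DisableCompression = 1 (DWORD)')) {
            Set-ItemProperty -Path $Path -Name DisableCompression -Type DWord -Value 1 -Force
        }
    }
    # Return the state after the change so it can be logged or exported.
    Get-SmbCompressionWorkaround -Path $Path
}

# Audit only; run Set-SmbCompressionWorkaround -WhatIf to preview the change.
Get-SmbCompressionWorkaround
```

The value sits under the LanmanServer service key, so this check describes only the SMB server component of the host.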
Thank you!
Anonymous, Mar 11th 2020