What you need to know
- Details about a vulnerability in the Microsoft Server Message Block leaked online recently.
- A patch for the bug is not included in Microsoft's March 2020 Patch Tuesday updates.
- While the bug is present, the exploit code was not leaked, meaning an attack is less likely.
Details of a vulnerability in the Microsoft Server Message Block (SMB) leaked recently. The bug is a wormable vulnerability and appeared in published summaries by cyber-security firms Cisco Talos and Fortinet. The bug, which is labeled CVE-2020-0796, did not receive a patch in the Microsoft March 2020 Patch Tuesday updates, so it will be unpatched for at least a short period of time.
Fortinet states that the bug allows "Remote attackers [to] gain control of vulnerable systems." The full description explains how the vulnerability is caused by an error when handling data packets:
This indicates an attack attempt to exploit a Buffer Overflow Vulnerability in Microsoft SMB Servers. The vulnerability is due to an error when the vulnerable software handles a maliciously crafted compressed data packet. A remote, unauthenticated attacker can exploit this to execute arbitrary code within the context of the application.
While the bug is present and unpatched at the moment, the risk of an attack isn't high. ZDNet points out that while the details of the bug are online, no exploit code was leaked. Additionally, the bug only impacts SMBv3, which is only in the latest versions of Windows. Specifically, Windows 10 version 1903, Windows 10 version 1909, Windows Server version 1903, and Windows Server version 1909 are affected by the bug.
Microsoft did not respond to ZDNet for comment, and it's currently unclear how the leak happened. There's a chance that Microsoft sent out details about the bug to trusted partners and then removed the bug from its list with a short timeframe for companies like Cisco Talos and Fortinet to remove the details from security advisories.
It's also possible that the information was scraped by companies in the lead-up to Patch Tuesday. If this is the case, it means the bug was going to be patched but wasn't. It would mean that Microsoft forgot to remove it from the Microsoft API serving Patch Tuesday details. ZDNet's Catalin Cimpanu reports that the API is down now.
When Cisco Talos listed the vulnerability, it stated that "Users are encouraged to disable SMBv3 compression and block TCP port 445 on firewalls and client computers."
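The two mitigations in the Cisco Talos quote, as an added PowerShell example that is not from the article: it reports whether a host runs an affected build, whether SMBv3 compression is disabled and whether inbound TCP 445 is blocked, and applies both settings when run with `-Apply`. The registry value, the build numbers and the firewall rule name are assumptions that do not appear on this page.

```powershell
#Requires -RunAsAdministrator
# Added example: audit (and optionally apply) the two quoted mitigations on one host.
param([switch]$Apply)

# Assumption: the value Microsoft documented for turning off SMBv3 compression
# on the SMB server side; the article does not name it.
$key      = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$name     = 'DisableCompression'
$ruleName = 'Block inbound SMB TCP 445 (CVE-2020-0796)'   # hypothetical rule name

# Assumption: versions 1903 and 1909 (client and server) report builds 18362 and 18363.
$build         = [int](Get-CimInstance Win32_OperatingSystem).BuildNumber
$affectedBuild = $build -in 18362, 18363

# A missing value yields $null, which is treated as "compression still enabled".
$current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
$compressionDisabled = ($current -eq 1)

# Only an enabled Block rule created under this name counts as "blocked".
$rule = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
$portBlocked = [bool]($rule | Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Block' })

if ($Apply -and $affectedBuild) {
    if (-not $compressionDisabled) {
        Set-ItemProperty -Path $key -Name $name -Type DWord -Value 1 -Force
        $compressionDisabled = $true
    }
    if (-not $portBlocked) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound `
            -Protocol TCP -LocalPort 445 -Action Block | Out-Null
        $portBlocked = $true
    }
}

# One object per host so results can be collected and exported across a fleet.
[pscustomobject]@{
    ComputerName        = $env:COMPUTERNAME
    Build               = $build
    AffectedBuild       = $affectedBuild
    CompressionDisabled = $compressionDisabled
    Inbound445Blocked   = $portBlocked
}
```

Blocking inbound TCP 445 stops the host from serving file shares, so apply the firewall rule only where that is acceptable. The registry value covers the SMB server role only and does not change SMB client behaviour.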