What you need to know
- Details about a vulnerability in the Microsoft Server Message Block leaked online recently.
- A patch for the bug is not included in Microsoft's March 2020 Patch Tuesday updates.
- While the bug is present, the exploit code was not leaked, meaning an attack is less likely.
Details of a vulnerability in the Microsoft Server Message Block (SMB) leaked recently. The bug is a wormable vulnerability and appeared in published summaries by cyber-security firms Cisco Talos and Fortinet. The bug, labeled CVE-2020-0796, did not receive a patch in the Microsoft March 2020 Patch Tuesday updates, so it will be unpatched for at least a short period of time.
Fortinet states that the bug allows "Remote attackers [to] gain control of vulnerable systems." The full description explains how the vulnerability is caused by an error when handling data packets:
While the bug is present and unpatched at the moment, the risk of an attack isn't high. ZDNet points out that while the details of the bug are online, no exploit code was leaked. Additionally, the bug only impacts SMBv3, which is only in the latest versions of Windows. Specifically, Windows 10 version 1903, Windows 10 version 1909, Windows Server version 1903, and Windows Server version 1909 are affected by the bug.
Microsoft did not respond to ZDNet for comment, and it's currently unclear how the leak happened. There's a chance that Microsoft sent out details about the bug to trusted partners and then removed the bug from its list with a short timeframe for companies like Cisco Talos and Fortinet to remove the details from security advisories.
It's also possible that the information was scraped by companies in the lead-up to Patch Tuesday. If this is the case, it means the bug was going to be patched but wasn't. It would mean that Microsoft forgot to remove it from the Microsoft API serving Patch Tuesday details. ZDNet's Catalin Cimpanu reports that the API is down now.
When Cisco Talos listed the vulnerability, it stated that "Users are encouraged to disable SMBv3 compression and block TCP port 445 on firewalls and client computers."
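The two mitigations in the Cisco Talos recommendation can be checked on a host with a read-only PowerShell audit. This is an added example, not code from the article, Cisco Talos or Microsoft; the build numbers 18362 and 18363 (versions 1903 and 1909) and the `DisableCompression` registry value (the one used in Microsoft's published workaround) are not on this page.

```powershell
# Read-only audit: affected build, SMBv3 compression state, inbound TCP 445 exposure.
# Changes nothing on the host. Run from an elevated prompt for complete firewall results.
$paramsPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Test-AffectedBuild {
    param([int]$Build)
    # Windows 10 / Windows Server version 1903 = build 18362, version 1909 = build 18363
    return $Build -in 18362, 18363
}

function Get-Smb3CompressionState {
    # DisableCompression = 1 switches SMBv3 compression off for the SMB server role.
    # A missing value means the default applies, which is compression enabled.
    $v = Get-ItemProperty -Path $paramsPath -Name DisableCompression -ErrorAction SilentlyContinue
    if ($null -ne $v -and $v.DisableCompression -eq 1) { 'Disabled' } else { 'Enabled' }
}

function Get-Inbound445AllowRules {
    # Enabled inbound allow rules that name TCP 445 explicitly.
    # Rules written with port 'Any' or a port range are not matched here.
    Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -contains '445' } |
        Get-NetFirewallRule |
        Where-Object {
            $_.Enabled -eq 'True' -and
            $_.Direction -eq 'Inbound' -and
            $_.Action -eq 'Allow'
        }
}

$cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuildNumber

[pscustomobject]@{
    Build                = $build
    AffectedBuild        = Test-AffectedBuild -Build $build
    Smb3Compression      = Get-Smb3CompressionState
    Inbound445AllowRules = @(Get-Inbound445AllowRules).DisplayName -join '; '
}
```

A host that reports `AffectedBuild = True`, `Smb3Compression = Enabled` and a non-empty `Inbound445AllowRules` has neither mitigation in place.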
Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at email@example.com.
That is the most idiotic thing I've heard... If you disable SMB, enterprise computers can't get GPOs from the domain controllers...