What you need to know
- Details about a vulnerability in the Microsoft Server Message Block leaked online recently.
- A patch for the bug is not included in Microsoft's March 2020 Patch Tuesday updates.
- While the bug is present, the exploit code was not leaked, meaning an attack is less likely.
Details of a vulnerability in the Microsoft Server Message Block (SMB) leaked recently. The bug is a wormable vulnerability and appeared in published summaries by cyber-security firms Cisco Talos and Fortinet. The bug, labeled CVE-2020-0796, did not receive a patch in Microsoft's March 2020 Patch Tuesday updates, so it will remain unpatched for at least a short period of time.
Fortinet states that the bug allows "Remote attackers [to] gain control of vulnerable systems." The full description explains how the vulnerability is caused by an error when handling data packets:
This indicates an attack attempt to exploit a Buffer Overflow Vulnerability in Microsoft SMB Servers. The vulnerability is due to an error when the vulnerable software handles a maliciously crafted compressed data packet. A remote, unauthenticated attacker can exploit this to execute arbitrary code within the context of the application.
While the bug is present and unpatched at the moment, the risk of an attack isn't high. ZDNet points out that while the details of the bug are online, no exploit code was leaked. Additionally, the bug only impacts SMBv3, which is only in the latest versions of Windows. Specifically, Windows 10 version 1903, Windows 10 version 1909, Windows Server version 1903, and Windows Server version 1909 are affected by the bug.
Microsoft did not respond to ZDNet for comment, and it's currently unclear how the leak happened. There's a chance that Microsoft sent out details about the bug to trusted partners and then removed the bug from its list, leaving only a short timeframe for companies like Cisco Talos and Fortinet to remove the details from their security advisories.
It's also possible that the information was scraped by companies in the run-up to Patch Tuesday. If this is the case, it means the bug was going to be patched but wasn't, and that Microsoft forgot to remove it from the Microsoft API serving Patch Tuesday details. ZDNet's Catalin Cimpanu reports that the API is down now.
When Cisco Talos listed the vulnerability, it stated that "Users are encouraged to disable SMBv3 compression and block TCP port 445 on firewalls and client computers."