Microsoft has acknowledged a new critical vulnerability affecting the SMBv3 protocol (a network file sharing protocol that allows applications on a computer to read and write to files and to request services from servers) on recent versions of Windows 10, which could allow attackers to execute code remotely on an SMB Server or Client. In a security advisory published yesterday, the company explained that the vulnerability affects the versions 1903 and 1909 of Windows 10 and Windows Server, though it hasn’t been exploited yet.
Microsoft is aware of a RCE vulnerability in the way that the SMBv3 protocol handles certain requests. If you wish to be notified when updates for this vulnerability are available, please follow the guidance in the advisory linked here: https://t.co/x5Z658xQ6t
— Security Response (@msftsecresponse) March 10, 2020
“To exploit the vulnerability against an SMB Server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 Server. To exploit the vulnerability against an SMB Client, an unauthenticated attacker would need to configure a malicious SMBv3 Server and convince a user to connect to it,” the company explained.
Even though there’s no fix for this vulnerability yet, the software giant recommends IT admins to disable SMBv3 compression to prevent attackers to exploit the vulnerability against an SMB Server. You can learn more about this workaround on this page.
It’s pretty curious to see Microsoft announce a new critical vulnerability that hasn’t been fixed in the monthly “Patch Tuesday” updates released on the same day, but we hope a fix will be available shortly. In the meantime, you can subscribe to Microsoft’s Security Notification Service to get an email once the Security Advisory for this security flaw has been updated.
