Systems Affected
Modern Windows systems running SMBv3.1.1:
✻ Windows 10 version 1903
✻ Windows 10 version 1909
✻ Windows Server version 1903
✻ Windows Server version 1909
Threat Level
Overview
Microsoft SMBv3.1.1 is vulnerable to pre-authentication remote code execution.
Description
This vulnerability allows an attacker to take complete control of machines that expose SMB services. It behaves like a worm and is able to spread autonomously. A similar vulnerability in SMBv1 was responsible for the WannaCry ransomware, and this one could lead to a similar type of attack if it is not patched. To compromise an SMB server, all that is required is to connect to the server and send a specially crafted packet. To infect a client, an attacker must convince a user to connect to a malicious file share.
Impact
✻ Execute arbitrary code
✻ Disruption of service
✻ Malware, ransomware infections
Solution/Workarounds
✻ Apply the latest patch relevant to your version of Windows 10 or Windows Server immediately - https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796
✻ If you are unable to apply the patch immediately, Sri Lanka CERT advises you to:
  ✦ Disable SMBv3 compression
  ✦ Block TCP port 445
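The checks and workarounds above for a single host, as an added PowerShell example that is not part of the original advisory. The registry value is the one Microsoft documents for disabling SMBv3 compression and KB4551762 is Microsoft's update for this CVE; the two switch names and the firewall rule name are assumptions chosen for this example.

```powershell
# Added example, not part of the advisory. Run in an elevated PowerShell session.
[CmdletBinding()]
param(
    [switch]$DisableCompression,  # assumed switch name: apply the registry workaround
    [switch]$BlockInbound445      # assumed switch name: add a host firewall block rule
)

$key      = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$ruleName = 'Block inbound SMB (CVE-2020-0796)'   # assumed display name

# Versions 1903 and 1909 report build numbers 18362 and 18363.
$build = [int](Get-CimInstance -ClassName Win32_OperatingSystem).BuildNumber

# Later cumulative updates supersede KB4551762, so treat a missing KB as
# "check the patch level", not as proof of exposure.
$kb = Get-HotFix -Id 'KB4551762' -ErrorAction SilentlyContinue

# DisableCompression = 1 switches off SMBv3 compression for the SMB server role.
$current = (Get-ItemProperty -Path $key -Name DisableCompression `
    -ErrorAction SilentlyContinue).DisableCompression

# Enabled inbound allow rules whose port filter names TCP 445.
$allow445 = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains '445' } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }

if ($DisableCompression -and $current -ne 1) {
    # Takes effect without a reboot; protects the server side only, not SMB clients.
    Set-ItemProperty -Path $key -Name DisableCompression -Type DWord -Value 1 -Force
    $current = 1
}

if ($BlockInbound445 -and -not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    # Block rules take precedence over allow rules, so this also stops file sharing on this host.
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound `
        -Protocol TCP -LocalPort 445 -Action Block | Out-Null
}

# Summary object, suitable for Export-Csv when collected from several hosts.
[pscustomobject]@{
    ComputerName         = $env:COMPUTERNAME
    Build                = $build
    AffectedBuild        = $build -in 18362, 18363
    KB4551762Installed   = [bool]$kb
    CompressionDisabled  = ($current -eq 1)
    InboundAllowRules445 = @($allow445).Count
}
```

Run without switches, the script only reports and changes nothing.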
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.