
Critical remote unauthenticated vulnerability in SMBv3

 

Systems Affected


Modern Windows systems running SMBv3.1.1:
  ✻  Windows 10 version 1903
  ✻  Windows 10 version 1909
  ✻  Windows Server version 1903
  ✻  Windows Server version 1909

Threat Level


High


Overview


Microsoft SMBv3.1.1 is vulnerable to pre-authentication remote code execution.


Description


This vulnerability allows an attacker to take complete control of machines that expose SMB services. It is wormable: it can spread autonomously from one vulnerable machine to another. A similar vulnerability in SMBv1 was responsible for the WannaCry ransomware, and this one could lead to a similar type of attack if it is not patched.
To compromise an SMB server, all that is required is to connect to the server and send a specially crafted packet. To infect a client, an attacker must convince a user to connect to a malicious file share.


Impact


  ✻  Execute arbitrary code
  ✻  Disruption of service
  ✻  Malware, ransomware infections


Solution/Workarounds


  ✻  Apply the latest patch relevant to your version of Windows 10 or Windows Server immediately: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796
  ✻  If you are unable to apply the patch immediately then Sri Lanka CERT advises you:
    ✦  Disable SMBv3 compression
    ✦  Block TCP on port 445
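
The two workarounds above can be checked and applied per host with the following PowerShell. This is an added example, not code from Sri Lanka CERT or Microsoft; the function name and firewall rule name are hypothetical, and the build and revision numbers used to decide whether the host is affected or patched are assumptions stated in the comments.

```powershell
# Added example: audit a host for the SMBv3 exposure described in this
# advisory and optionally apply the workarounds. Run from an elevated prompt.
function Invoke-Smbv3WorkaroundAudit {            # hypothetical name
    param(
        [switch]$DisableCompression,   # apply "Disable SMBv3 compression"
        [switch]$BlockInbound445       # apply "Block TCP on port 445" (host firewall)
    )
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuildNumber
    $ubr   = [int]$cv.UBR
    # Assumption: builds 18362 / 18363 correspond to versions 1903 / 1909, and
    # the KB4551762 update brings the update build revision (UBR) to 720.
    $affected = $build -in 18362, 18363
    $patched  = $affected -and ($ubr -ge 720)

    # Registry value Microsoft documents for turning off SMBv3 compression
    # on the SMB server; it takes effect without a reboot.
    $lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    if ($DisableCompression -and $affected -and -not $patched) {
        Set-ItemProperty -Path $lanman -Name DisableCompression -Type DWord -Value 1 -Force
    }
    $comp = (Get-ItemProperty -Path $lanman -Name DisableCompression `
                -ErrorAction SilentlyContinue).DisableCompression

    # Idempotent inbound block rule; the display name is a constructed label.
    $rule = 'Block inbound SMB TCP 445 (CVE-2020-0796 workaround)'
    if ($BlockInbound445 -and
        -not (Get-NetFirewallRule -DisplayName $rule -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $rule -Direction Inbound -Protocol TCP `
            -LocalPort 445 -Action Block | Out-Null
    }

    # Summary object suitable for collection across a fleet.
    [pscustomobject]@{
        Build               = "$build.$ubr"
        AffectedVersion     = $affected
        PatchLevelOk        = (-not $affected) -or $patched
        CompressionDisabled = ($comp -eq 1)
        Listening445        = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen `
                                        -ErrorAction SilentlyContinue)
        BlockRulePresent    = [bool](Get-NetFirewallRule -DisplayName $rule `
                                        -ErrorAction SilentlyContinue)
    }
}

Invoke-Smbv3WorkaroundAudit   # report only; add the switches to apply a workaround
```

Disabling compression protects the SMB server role only and does not protect SMB clients, so it is a stopgap until the patch is installed. The inbound block rule stops the host from serving file shares at all, so apply it only where that is acceptable.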


References


  ✻  https://www.cert.govt.nz
  ✻  https://www.bleepingcomputer.com/news/security/microsoft-releases-kb4551762-security-update-for-smbv3-vulnerability/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.