Microsoft has released security updates to address the CVE-2020-0796 vulnerability in SMBv3 protocol that could be exploited by
On March 10, 2019, Microsoft accidentally leaked info on a security update for a
The issue, tracked as CVE-2020-0796, is pre- remote code execution vulnerability that resides in the Server Message Block 3.0 (SMBv3) network communication protocol, the IT giant will not address the issue as part of the March 2020 Patch Tuesday.
Technical details of the CVE-2020-0796 vulnerability have been disclosed, but security firms Cisco Talos and Fortinet published a description of the issue on their websites.
The vulnerability is caused by an error in the way SMBv3 handles maliciously crafted compressed data packets, a remote, unauthenticated attacker could exploit the flaw to execute arbitrary code within the context of the application.
“This indicates an attack attempt to exploit a Buffer Overflow Vulnerability in Microsoft SMB Servers. The vulnerability is due to an error when the vulnerable software handles a maliciously crafted compressed data packet. A remote, unauthenticated attacker can exploit this to execute arbitrary code within the context of the application.” reads the advisory published by Fortinet.
The CVE-2020-0796 vulnerability affects devices running Windows 10 Version 1903, Windows Server Version 1903 (Server Core installation), Windows 10 Version 1909, and Windows Server Version 1909 (Server Core installation). According to Fortinet other Microsoft versions should be affected.
Microsoft has released the KB4551762 update for Windows 10, versions 1903 and 1909, and Windows Server 2019, versions 1903 and 1909.
The update addresses the CVE-2020-0796 vulnerability in the Server Message Block.
Users are recommended to install the updates as soon as possible, in case for some reason it is not possible they can refer mitigation advice published by Microsoft.
Microsoft did not plan release fixes for the issue this month, but evidently the accidental disclosure of the flaw forced the IT giant to release the patch today.
Some researchers also developed PoC exploit code that could crash the vulnerable machines.
Researchers at security firm Kryptos Logic has found 48,000 hosts online that had the SMB port exposed to the