Threat Advisory: Critical Patch Released for ‘Wormable’ SMBv3 Vulnerability
March 13, 2020
Overview
Days after Microsoft’s March 2020 patch Tuesday, they have released a patch for a recent SMBv3 vulnerability (CVE-2020-0796). The Server Message Block (SMB) is a protocol used by file sharing, network browsing, printing services, and interprocess communication over a network. SMB-based exploits have previously been used in high-profile ransomware infections such as WannaCry and NotPetya.
Technical Details
This vulnerability can be exploited on SMBv3 Servers by an unauthenticated attacker sending a specially crafted packet to the targeted server. Exploiting against an SMBv3 Client involves the attacker configuring a malicious SMBv3 Server and convincing users to connect to it. Successful exploitation of this vulnerability grants the attacker the ability to execute code on the targeted server or client.
- Affected versions: Windows 10 1903/1909 and Windows Server 1903/1909.
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200005
- https://thehackernews.com/2020/03/patch-wormable-smb-vulnerability.html
- https://thehackernews.com/2020/03/smbv3-wormable-vulnerability.html
To learn more about how Herjavec Group can help you secure your environment, please connect with us.