Microsoft has confirmed that there is a critical remotely exploitable vulnerability in the Server Message Block version 3 (SMBv3) file sharing protocol on its Windows 10 and Windows Server operating systems, with no security update available yet.
News of the vulnerability was leaked in the regular Patch Wednesday set of updates to security vendors taking part in the Microsoft Active Protections Program (MAPP), who disclosed it to the public.
This forced the software giant to urgently publish an advisory.
The flaw has been given the Common Vulnerabilities and Exposures index CVE-2020-0796 and allows remote, unauthenticated attackers to run arbitrary code on Windows systems to take full control of them by sending maliciously crafted data packets.
Microsoft's Platform Security Assurance and Vulnerability Research team said the flaw lies in how SMBv3 handles certain requests, and advised administrators to disable compression for the Windows file sharing protocol.
To disable SMBv3 compression on servers, administrators should use the following PowerShell command, Microsoft said.
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force
Similarly, the workaround can be removed with the following PowerShell command:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 0 -Force
However, the workaround does not prevent exploitation of SMB clients, Microsoft warned.
For additional protection, Microsoft advised customers to block network connections to transmission control protocol (TCP) port 445 at enterprise firewalls.
Doing so affords only partial protection, as attacks from within enterprise network perimeters could still succeed, Microsoft warned.
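To confirm where the server-side workaround is actually in place, the registry value set by the command above can be read back on each file server. The following is an added example, not code from Microsoft's advisory; the function name and the host names in the usage comment are hypothetical, and remote checks assume PowerShell remoting is enabled on the target servers.

```powershell
# Added example: report whether the DisableCompression workaround is applied.
$Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-SmbCompressionWorkaround {
    param(
        # Hosts to audit; defaults to the local machine.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )
    # Reads the value on whichever machine the script block runs on.
    $check = {
        param($KeyPath)
        $item = Get-ItemProperty -Path $KeyPath -Name DisableCompression -ErrorAction SilentlyContinue
        # A missing value means the workaround was never applied.
        if ($null -eq $item) { return 'NotSet' }
        return [int]$item.DisableCompression
    }
    foreach ($name in $ComputerName) {
        try {
            if ($name -eq $env:COMPUTERNAME) {
                $value = & $check $Path
            } else {
                $value = Invoke-Command -ComputerName $name -ScriptBlock $check -ArgumentList $Path -ErrorAction Stop
            }
            # Only a value of 1 disables SMBv3 compression on the server.
            $state = if ($value -eq 1) { 'WorkaroundApplied' } else { 'CompressionEnabled' }
        } catch {
            # Remoting failed, so the state of this host is unknown.
            $value = $null
            $state = 'Unreachable'
        }
        [pscustomobject]@{
            ComputerName       = $name
            DisableCompression = $value
            State              = $state
        }
    }
}

# Usage (FS01 and FS02 are placeholder host names):
# Get-SmbCompressionWorkaround -ComputerName FS01, FS02 | Format-Table
```

Hosts reported as CompressionEnabled or Unreachable still need attention, and the value only covers the SMB server role, not SMB clients.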
While Microsoft said it is not aware of public disclosure of the technical details of the bug or that it is being exploited in the wild, news of the vulnerability saw security researchers speculate that it could lead to self-propagating worm attacks spreading through networks.
In 2017, attackers released the WannaCry worm which deployed ransomware on vulnerable systems, causing millions of dollars in losses worldwide.