Microsoft leaks critical, remotely exploitable Windows bug

By

Raises spectre of new WannaCry style worm.

Microsoft has confirmed that there is a critical remotely exploitable vulnerability in the Systems Messaging Block version 3 file sharing protocol on its Windows 10 and Windows Server operating systems, with no security update available as of yet.

Microsoft leaks critical, remotely exploitable Windows bug

News of the vulnerability was leaked in the regular Patch Wednesday set of updates to security vendors taking part in the Microsoft Active Protections Program (MAPP) who disclosed it to the public.

This forced the software giant to urgently publish an advisory.

The flaw has been given the Common Vulnerabilities and Exposures index CVE-2020-0796 and allows remote, unauthenticated attackers to run arbitrary code on Windows systems to take full control of them by sending maliciously crafted data packets.

Microsoft's Platform Security Assurance and Vulnerability Research team said the flaw lies in how SMBv3 handles certain requests, and advised adminstrators to disable compression for the Windows file sharing protocol.

To disable SMBv3 compression on servers, administrators should use the below PowerShell command, Microsof said.

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force

Similarily, the workaround can be removed with the following PowerShell command:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 0 -Force

However, the workaround does not prevent exploitation of SMB clients, Microsoft warned.

For additional protection, Microsoft advised customers to block network connections to transmission control protocol (TCP) port 445 at enterprise firewalls.

Doing so affords only partial protection, as attacks from within enterprise network perimeters could still succed, Microsoft warned.

While Microsoft said it is not aware of public disclosure of the technical details of the bug or that it is being exploited in the wild, news of the vulnerability saw security researchers speculate that it could lead to self-propagating worm attacks spreading through networks.

In 2017, attackers released the WannaCry worm which deployed ransomware on vulnerable systems, causing millions of dollars in losses worldwide.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
malwaremicrosoftnotpetyasecuritywannacryworm

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?