iTnews

Microsoft leaks critical, remotely exploitable Windows bug

By Juha Saarinen on Mar 11, 2020 12:32PM

Raises spectre of new WannaCry style worm.

Microsoft has confirmed that there is a critical remotely exploitable vulnerability in the Systems Messaging Block version 3 file sharing protocol on its Windows 10 and Windows Server operating systems, with no security update available as of yet.

News of the vulnerability was leaked in the regular Patch Wednesday set of updates to security vendors taking part in the Microsoft Active Protections Program (MAPP) who disclosed it to the public.

This forced the software giant to urgently publish an advisory.

The flaw has been given the Common Vulnerabilities and Exposures index CVE-2020-0796 and allows remote, unauthenticated attackers to run arbitrary code on Windows systems to take full control of them by sending maliciously crafted data packets.

Microsoft's Platform Security Assurance and Vulnerability Research team said the flaw lies in how SMBv3 handles certain requests, and advised administrators to disable compression for the Windows file sharing protocol.

To disable SMBv3 compression on servers, administrators should use the following PowerShell command, Microsoft said:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force

Similarly, the workaround can be removed with the following PowerShell command:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 0 -Force

However, the workaround does not prevent exploitation of SMB clients, Microsoft warned.
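As an added example (not part of the original article or of Microsoft's advisory), the PowerShell functions below report whether the server-side workaround is in place and apply or remove it only when the current state differs. The function names are hypothetical; the registry path and value name are the ones given in the commands above.

```powershell
# Added example: audit and toggle the DisableCompression workaround on the local server.
# Run from an elevated PowerShell session, since the value lives under HKLM.
$Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$Name = 'DisableCompression'

function Get-SmbCompressionWorkaround {
    # Hypothetical helper: read the value without failing when it has never been set.
    $item  = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    $value = if ($null -ne $item) { $item.$Name } else { $null }
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        ValuePresent = ($null -ne $value)
        Value        = $value
        WorkaroundOn = ($value -eq 1)   # 1 = SMBv3 compression disabled on the server side
    }
}

function Set-SmbCompressionWorkaround {
    # Hypothetical helper: idempotent wrapper around the Set-ItemProperty commands above.
    [CmdletBinding(SupportsShouldProcess)]
    param([bool]$Enabled = $true)

    $target = if ($Enabled) { 1 } else { 0 }
    $before = Get-SmbCompressionWorkaround
    if ($before.Value -eq $target) {
        return $before                  # already in the requested state, nothing to write
    }
    if ($PSCmdlet.ShouldProcess("$Path\$Name", "Set to $target")) {
        Set-ItemProperty -Path $Path -Name $Name -Type DWord -Value $target -Force
    }
    # Re-read the registry so the caller sees the stored value, not the intended one.
    Get-SmbCompressionWorkaround
}

# Report the current state, then apply the workaround and confirm it took effect.
Get-SmbCompressionWorkaround
$after = Set-SmbCompressionWorkaround -Enabled $true
if (-not $after.WorkaroundOn) {
    Write-Warning "DisableCompression is not set to 1 on $($after.ComputerName)"
}
```

Running `Set-SmbCompressionWorkaround -WhatIf` shows the change without writing it. This covers the server role only, as the article notes.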

For additional protection, Microsoft advised customers to block network connections to transmission control protocol (TCP) port 445 at enterprise firewalls.

Doing so affords only partial protection, as attacks from within enterprise network perimeters could still succeed, Microsoft warned.

While Microsoft said it is not aware of public disclosure of the technical details of the bug or that it is being exploited in the wild, news of the vulnerability saw security researchers speculate that it could lead to self-propagating worm attacks spreading through networks.

In 2017, attackers released the WannaCry worm which deployed ransomware on vulnerable systems, causing millions of dollars in losses worldwide.
