iTnews

Microsoft leaks critical, remotely exploitable Windows bug

By Juha Saarinen on Mar 11, 2020 12:32PM
Microsoft leaks critical, remotely exploitable Windows bug

Raises spectre of new WannaCry style worm.

Microsoft has confirmed that there is a critical remotely exploitable vulnerability in the Systems Messaging Block version 3 file sharing protocol on its Windows 10 and Windows Server operating systems, with no security update available as of yet.

News of the vulnerability was leaked in the regular Patch Wednesday set of updates to security vendors taking part in the Microsoft Active Protections Program (MAPP) who disclosed it to the public.

This forced the software giant to urgently publish an advisory.

The flaw has been given the Common Vulnerabilities and Exposures index CVE-2020-0796 and allows remote, unauthenticated attackers to run arbitrary code on Windows systems to take full control of them by sending maliciously crafted data packets.

Microsoft's Platform Security Assurance and Vulnerability Research team said the flaw lies in how SMBv3 handles certain requests, and advised adminstrators to disable compression for the Windows file sharing protocol.

To disable SMBv3 compression on servers, administrators should use the below PowerShell command, Microsof said.

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force

Similarily, the workaround can be removed with the following PowerShell command:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 0 -Force

However, the workaround does not prevent exploitation of SMB clients, Microsoft warned.

For additional protection, Microsoft advised customers to block network connections to transmission control protocol (TCP) port 445 at enterprise firewalls.

Doing so affords only partial protection, as attacks from within enterprise network perimeters could still succed, Microsoft warned.

While Microsoft said it is not aware of public disclosure of the technical details of the bug or that it is being exploited in the wild, news of the vulnerability saw security researchers speculate that it could lead to self-propagating worm attacks spreading through networks.

In 2017, attackers released the WannaCry worm which deployed ransomware on vulnerable systems, causing millions of dollars in losses worldwide.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
malware microsoft notpetya security smbv3 wannacry worm

Partner Content

IT’s control over digital infrastructure is slipping, reports The Economist Intelligence Unit
Promoted Content IT’s control over digital infrastructure is slipping, reports The Economist Intelligence Unit
Coates develops innovative tool to increase productivity on industrial job sites
Promoted Content Coates develops innovative tool to increase productivity on industrial job sites
How UniSuper used BiZZdesign to accelerate its digital transformation
Promoted Content How UniSuper used BiZZdesign to accelerate its digital transformation
Kick the tyres of AI systems using real world data at #BuildWithAI Hack 2021
Promoted Content Kick the tyres of AI systems using real world data at #BuildWithAI Hack 2021

Sponsored Whitepapers

Understanding the next security control points: applications and workloads
Understanding the next security control points: applications and workloads
Best security practices after rapid Digital Transformation
Best security practices after rapid Digital Transformation
The CISO View 2021 Survey: Zero Trust and Privileged Access
The CISO View 2021 Survey: Zero Trust and Privileged Access
How and why to backup your Office 365 tenant
How and why to backup your Office 365 tenant
ForgeRock for Australia’s Trusted Digital Identity Framework (TDIF)
ForgeRock for Australia’s Trusted Digital Identity Framework (TDIF)

Events

  • SAP e'ffect 2021
  • #DevDay
By Juha Saarinen
Mar 11 2020
12:32PM
0 Comments

Related Articles

  • FireEye, GoDaddy and Microsoft flick SolarWinds SUNBURST 'killswitch'
  • Microsoft pushes patch for exploited flaw in on-prem Exchange
  • Facebook can pursue malware lawsuit against NSO Group
  • Microsoft to work with US community colleges to fill 250,000 cyber jobs
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Perth Mint CIO leaves after five months

Perth Mint CIO leaves after five months
Microsoft becomes 'certified strategic' cloud provider

Microsoft becomes 'certified strategic' cloud provider
Telcos get new powers to block malicious SMS scams at scale

Telcos get new powers to block malicious SMS scams at scale
Aussie Broadband makes formal $344m bid for Over The Wire

Aussie Broadband makes formal $344m bid for Over The Wire

Digital Nation

COVER STORY: Automation drives marketing success but complexity torments delivery
COVER STORY: Automation drives marketing success but complexity torments delivery
Case Study: Keeping CPA's board up to date about cybersecurity risks
Case Study: Keeping CPA's board up to date about cybersecurity risks
Fringe innovation unlocks power of diverse thinking
Fringe innovation unlocks power of diverse thinking
Case Study: Intrepid Group uses global travel shutdown to reimagine HR function
Case Study: Intrepid Group uses global travel shutdown to reimagine HR function
Catastrophic governance failures are rooted in organisational culture
Catastrophic governance failures are rooted in organisational culture
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.