
As part of Patch Tuesday in March, Microsoft released a security advisory detailing a remote code execution (RCE) flaw in Server Message Block (SMB) version 3.1.1. SMB is the protocol Windows uses for shared network access to file servers, printers, and serial ports. The bug could let an attacker exploit the way SMBv3 handles requests to run code on a target SMB Server or SMB Client.
Microsoft considered the issue serious enough to release an out-of-band patch (KB4551762) to fix the vulnerability later the same month. The bug, which is sometimes referred to as SMBGhost, only affects Windows 10 versions 1903 and 1909. Microsoft said:
To exploit the vulnerability against an SMB Server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 Server. To exploit the vulnerability against an SMB Client, an unauthenticated attacker would need to configure a malicious SMBv3 Server and convince a user to connect to it.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a warning June 5th that unpatched Microsoft systems could be vulnerable to SMBGhost (CVE-2020-0796). CISA is aware of functional, publicly available proof-of-concept (PoC) code that exploits SMBGhost in unpatched systems.
CISA goes on to say that hackers are targeting unpatched Microsoft systems with the new code. In addition to making sure that SMB ports are not exposed to the public Internet, system administrators should apply KB4551762 to vulnerable systems as soon as possible.
SMBGhost is a buffer overflow vulnerability in the SMB Server component of Windows. Unpatched systems are vulnerable to ‘wormable’ attacks, meaning the bug could be used to move laterally from one device to another, much in the same way that WannaCry and NotPetya infected thousands of systems around the world in 2017.
It’s not clear whether the patch disables SMB compression or fixes the bug. But Microsoft says that while newer versions of Windows 10 support SMB compression, it is not used by Windows. So, disabling SMB compression has no negative impact. But as with all updates, you should test it before deploying the patch to production systems.
The update applies to Windows 10 1903, 1909, and Windows Server 1903 and 1909. Windows Server 2016 and Windows Server 2019 are not affected by this vulnerability. Older versions of Windows are also not affected because they don’t support SMB compression.
The update is available via the usual channels: Windows Update and Microsoft Update; Microsoft Update Catalog; Windows Server Update Services (WSUS).
The Microsoft Update Catalog can be used to download the update as a standalone package. Organizations using WSUS will see the update synchronized automatically if product category Windows 10, version 1903 and later security updates are enabled.
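An added example, not from the article or from Microsoft: a PowerShell function that reports which hosts run an affected release (1903 or 1909) and whether KB4551762 is installed. It assumes PowerShell remoting is enabled on remote targets; the function name and the status labels are made up for this illustration.

```powershell
# Added example: audit hosts for the SMBGhost fix (KB4551762) named in the article.
# Assumption: PowerShell remoting (WinRM) is enabled on any remote target.
function Get-SmbGhostPatchStatus {
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline)]
        [string[]]$ComputerName = $env:COMPUTERNAME
    )
    begin {
        $affectedReleases = '1903', '1909'   # releases the article lists as affected
        $kb = 'KB4551762'                    # out-of-band fix named in the article
        # Runs on each host: read the release ID and look for the hotfix entry.
        $probe = {
            param($kb)
            $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
            [pscustomobject]@{
                ReleaseId = $cv.ReleaseId
                HasKb     = [bool](Get-HotFix -Id $kb -ErrorAction SilentlyContinue)
            }
        }
    }
    process {
        foreach ($computer in $ComputerName) {
            $r = $null
            try {
                if ($computer -eq $env:COMPUTERNAME) {
                    $r = & $probe $kb
                } else {
                    $r = Invoke-Command -ComputerName $computer -ScriptBlock $probe `
                        -ArgumentList $kb -ErrorAction Stop
                }
                if ($r.ReleaseId -notin $affectedReleases) {
                    $status = 'NotAffected'
                } elseif ($r.HasKb) {
                    $status = 'Patched'
                } else {
                    # KB entry absent: a later cumulative update may still carry
                    # the fix, so confirm against the host's update history.
                    $status = 'NeedsReview'
                }
            } catch {
                $status = 'Unreachable'
            }
            [pscustomobject]@{
                ComputerName = $computer
                ReleaseId    = if ($r) { $r.ReleaseId } else { $null }
                KbInstalled  = if ($r) { $r.HasKb } else { $null }
                Status       = $status
            }
        }
    }
}
```

Run `Get-SmbGhostPatchStatus` with no arguments for the local machine, or pipe a list of computer names into it to audit several hosts.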
Copyright ©2019 BWW Media Group