11 March 2020

Microsoft discloses a new wormable Win SMBv3 CVE-2020-0796 flaw


Microsoft discloses a new wormable Win SMBv3 CVE-2020-0796 flaw

Microsoft has published an advisory containing info about a new critical vulnerability (CVE-2020-0796) in the Microsoft Server Message Block (SMB) protocol which can be used to remotely execute code on the target SMB Server or SMB Client.

According to Microsoft, the vulnerability exists due to the way the SMBv3 protocol handles certain requests.

“To exploit the vulnerability against an SMB Server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 Server. To exploit the vulnerability against an SMB Client, an unauthenticated attacker would need to configure a malicious SMBv3 Server and convince a user to connect to it,” the advisory reads.

The CVE-2020-0796 flaw affects the following products:

  • Windows 10 Version 1903 for 32-bit Systems

  • Windows 10 Version 1903 for ARM64-based Systems

  • Windows 10 Version 1903 for x64-based Systems

  • Windows 10 Version 1909 for 32-bit Systems

  • Windows 10 Version 1909 for ARM64-based Systems

  • Windows 10 Version 1909 for x64-based Systems

  • Windows Server, version 1903 (Server Core installation)

  • Windows Server, version 1909 (Server Core installation)

While the tech giant did not share info on when the patch for CVE-2020-0796 will be available, the company provided a workaround to protect servers against exploitation attempts.

Users can disable SMBv3 compressionon SMBv3 servers with this PowerShell command (no reboot required, does not prevent the exploitation of SMB clients):

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force

Users can disable the workaround using the following PowerShell command:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 0 -Force

Back to the list

Latest Posts

Free VPN apps on Google Play turned Android devices into residential proxies

Free VPN apps on Google Play turned Android devices into residential proxies

The threat actor behind this scheme profits by selling access to the residential proxy network to third parties.
28 March 2024
Cyber spies strike Indian government and energy sectors

Cyber spies strike Indian government and energy sectors

The operation involved phishing emails delivering the HackBrowserData info-stealer.
28 March 2024
Spyware makers and state-backed hackers are primary culprits behind rise in zero-day exploits, Google says

Spyware makers and state-backed hackers are primary culprits behind rise in zero-day exploits, Google says

97 zero-day flaws were exploited in-the-wild in 2023, marking an increase of over 50% compared to 2022.
27 March 2024