
Microsoft accidentally leaks unpatched wormable exploit in SMBv3 protocol

<p>Microsoft accidentally leaked details of a vulnerability in its SMBv3 protocol in its Patch Tuesday information. SMB (Server Message Block) is a protocol used for sharing access to files, printers and other resources on the network.</p>
<p>Most likely Microsoft planned to release the patch for the <a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200005" target="_blank" rel="noopener noreferrer">CVE-2020-0796 flaw</a>, since it was included in the Microsoft API for the March 2020 Patch cycle. Unfortunately, the fix was not released and there is no release date yet.</p>
<p>Security researchers from <a href="https://fortiguard.com/encyclopedia/ips/48773" target="_blank" rel="noopener noreferrer">Fortinet</a> explained that an unauthenticated attacker can possibly exploit this flaw to remotely execute arbitrary code within the context of the application. If exploited properly, this vulnerability can leave systems open to a "wormable" attack, meaning that it could easily spread between machines.</p>
<p>SMB is the protocol that was exploited by the widespread WannaCry and NotPetya ransomware. Luckily, no exploit code for CVE-2020-0796 has been released yet.</p>
<p>Windows versions affected by CVE-2020-0796 include <strong>Windows 10 v1903 and v1909</strong> and <strong>Windows Server v1903 (Core edition) and v1909 (Core edition)</strong>.</p>
<p>Until the patch is released, Microsoft recommends disabling SMBv3 compression on servers with the following PowerShell command:<br />
<strong><em>Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force</em></strong></p>
<p>In addition, <strong>TCP port 445 should be blocked at the enterprise perimeter firewall</strong>. <strong>TCP port 445</strong> is used to initiate a connection with the affected component.</p>
<p>Microsoft urges customers to install the <a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200005" target="_blank" rel="noopener noreferrer">updates for this vulnerability</a> as soon as they become available.</p>
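<p>To confirm that the DisableCompression workaround above is actually in place on a host, the following added example (not code from Microsoft or from this article) audits the registry value and, with -Apply, sets it and reads it back. The function name, the -Apply switch and the use of the ReleaseId registry value to recognise v1903/v1909 are assumptions made for this example.</p>

```powershell
# Added example: audit, and optionally apply, the SMBv3 compression workaround.
# Function and parameter names are illustrative; run elevated when using -Apply.
function Test-SmbCompressionWorkaround {
    [CmdletBinding()]
    param(
        [switch]$Apply   # write DisableCompression = 1 if it is missing or 0
    )

    $serverKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $versionKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

    # Assumption: ReleaseId carries the feature-update version (1903, 1909, ...).
    $releaseId = (Get-ItemProperty -Path $versionKey -Name ReleaseId `
                  -ErrorAction SilentlyContinue).ReleaseId
    $affected  = $releaseId -in '1903', '1909'

    # A missing value means the workaround has not been applied.
    $current = (Get-ItemProperty -Path $serverKey -Name DisableCompression `
                -ErrorAction SilentlyContinue).DisableCompression
    $mitigated = ($current -eq 1)

    if ($Apply -and $affected -and -not $mitigated) {
        # Same command as in the article, then read the value back to verify.
        Set-ItemProperty -Path $serverKey DisableCompression -Type DWORD -Value 1 -Force
        $current   = (Get-ItemProperty -Path $serverKey -Name DisableCompression).DisableCompression
        $mitigated = ($current -eq 1)
    }

    # One object per host, so results can be collected and filtered.
    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        ReleaseId          = $releaseId
        AffectedVersion    = $affected
        DisableCompression = $current
        Mitigated          = $mitigated
    }
}

# Report only; add -Apply to set the value on affected builds.
Test-SmbCompressionWorkaround
```

<p>Hosts that report AffectedVersion = True and Mitigated = False still need the workaround. Microsoft's advisory notes that this setting covers the SMB server role only and takes effect without a reboot.</p>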
