Windows has a new wormable vulnerability, and there’s no patch in sight - Critical bug in Microsoft's SMBv3 implementation published under mysterious circumstances.

[FlappyBat]

Windows has a new wormable vulnerability, and there’s no patch in sight

Critical bug in Microsoft's SMBv3 implementation published under mysterious circumstances.

Windows has a new wormable vulnerability, and there’s no patch in sight

Critical bug in Microsoft's SMBv3 implementation published under mysterious circumstances.

arstechnica.com

Windows has a new wormable vulnerability, and there’s no patch in sig…

archived 11 Mar 2020 20:20:03 UTC

archive.li

Word leaked out on Tuesday of a new vulnerability in recent versions of Windows that has the potential to unleash the kind of self-replicating attacks that allowed the WannaCry and NotPetya worms to cripple business networks around the world.

The vulnerability exists in version 3.1.1 of the Server Message Block, the service that’s used to share files, printers, and other resources on local networks and over the Internet. Attackers who successfully exploit the flaw can execute code of their choice on both servers and end-user computers that use the vulnerable protocol, Microsoft said in this bare-bones advisory.

The flaw, which is tracked as CVE-2020-0796, affects Windows 10, versions 1903 and 1909 and Windows Server versions 1903 and 1909, which are relatively new releases that Microsoft has invested huge amounts of resources hardening against precisely these types of attacks. Patches aren’t available, and Tuesday’s advisory gave no timeline for one being released. Asked if there was a timeline for releasing a fix, a Microsoft representative said, “Beyond the advisory you linked, nothing else to share from Microsoft at this time.”

Spoiler: Microsoft Advisory

ADV200005 | Microsoft Guidance for Disabling SMBv3 Compression

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200005

http://archive.vn/hJQaG

Microsoft is aware of a remote code execution vulnerability in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target SMB Server or SMB Client.

To exploit the vulnerability against an SMB Server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 Server. To exploit the vulnerability against an SMB Client, an unauthenticated attacker would need to configure a malicious SMBv3 Server and convince a user to connect to it.

We will update this advisory when updates are available. If you wish to be notified when this advisory is updated, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.

----------

I'm assuming the rule on not copying articles does not extend to stuff like the Microsoft security advisory.

 

[Vecr]

Apparently the Linux SMB implementation is okay.

 

[The Fool]

Isn't SMB disabled by default and MS even says you just shouldn't turn it on? I can't recall. Or maybe that was 1.0? Either way I don't see any SMB features enabled on my system and I didn't disable any.

 

[Ira the Weatherman]

'Drop Windows 7 immediately, we're stopping support!', they said. 'Your PC won't be safe unless you switch to 10!', they said.

 

[FlappyBat]

Isn't SMB disabled by default and MS even says you just shouldn't turn it on? I can't recall. Or maybe that was 1.0? Either way I don't see any SMB features enabled on my system and I didn't disable any.

One of the issues is certain programs might require it being open. I wasnt able to confirm, but a guy on HackerNews is saying Azure Files (a Microsoft product) opens you up to the vulnerability.

 

[Marco Fucko]

Windows, WOOOOOOOOOOOOOOOOOOOOOOOOOOO!

 

[Coffee Shits]

Isn't SMB disabled by default and MS even says you just shouldn't turn it on? I can't recall. Or maybe that was 1.0? Either way I don't see any SMB features enabled on my system and I didn't disable any.

I believe they don't recommend opening it to the wider internet because it's a chatty protocol, not so much that's it's a vulnerable one.

 

[The Last Stand]

Good thing I have a Mac.

 

[Celebrate Nite]

Microsoft keeps fucking up their OS...

...and in other news, bears still shit in the woods

 

[⠠⠠⠅⠑⠋⠋⠁⠇⠎ ⠠⠠⠊⠎ ⠠⠠⠁ ⠠⠠⠋⠁⠛]

I believe they don't recommend opening it to the wider internet because it's a chatty protocol, not so much that's it's a vulnerable one.

More because there is no reason to have an SMB share open to the entire internet and it is far worse to deal with over higher than 200ms links than the likes of FTP or WebDAV would be.

One of the issues is certain programs might require it being open. I wasnt able to confirm, but a guy on HackerNews is saying Azure Files (a Microsoft product) opens you up to the vulnerability.

Oh wow. If so, that's pretty retarded.

In any case.. this is an issue that could allow the further spread of an infection within corporate and government networks. But not a good way to actually get in in the first place.

I'm sure there are probably heaps of Windows 2000 and XP industrial computers attached directly to the internet in the US with port 445 open, running nuclear power plants and stuff like that, but they don't support SMBv3 and no home or business router is going to be set up to forward 445 to internal computers on a network.

This may not even be an issue for infection within your local network if you're on a home network where you don't have network shares explicitly set up, although it should be a wake up call to any sysadmin dealing with domain networks who hasn't thought about how internal traffic should be locked down.

 

[Foxxo]

Aw heck, I just updated. How much did the U.S. government pay Microsoft this time?

 

[Coffee Shits]

Aw heck, I just updated. How much did the U.S. government pay Microsoft this time?

I can say with certainty that the NSA has Microsoft on retainer.

 

[Tookie]

Isn't SMB disabled by default and MS even says you just shouldn't turn it on? I can't recall. Or maybe that was 1.0? Either way I don't see any SMB features enabled on my system and I didn't disable any.

That's SMBv1. SMBv2 is enabled by default and you would have to dig through PowerShell or the Registry to disable it. This vulnerability effects v3 and I'm not even sure if that can be disabled or not.

 

[CrunkLord420]

It's unclear if this affects Windows 7 as well, but if it does I'm really curious to see if Microsoft patches it. If they don't, this is really the end of Win7.

 

[FlappyBat]

It's unclear if this affects Windows 7 as well, but if it does I'm really curious to see if Microsoft patches it. If they don't, this is really the end of Win7.

The patch is being deployed. No mention of patching Windows 7.

Microsoft patches SMBv3 wormable bug that leaked earlier this week | ZDNet

Emergency out-of-band fix for CVE-2020-0796 is now rolling out to Windows 10 and Windows Server 2019 systems worldwide.

www.zdnet.com

 

[⠠⠠⠅⠑⠋⠋⠁⠇⠎ ⠠⠠⠊⠎ ⠠⠠⠁ ⠠⠠⠋⠁⠛]

It's unclear if this affects Windows 7 as well, but if it does I'm really curious to see if Microsoft patches it. If they don't, this is really the end of Win7.

Windows 7 does not support SMB v3, thus no problem there.
https://social.technet.microsoft.co...66c2/smb-3-and-windows-7?forum=winserverfiles