Microsoft has released a software update for Windows 10 that fixes a bug in SMB. The company itself had confirmed the vulnerability, but had not yet released a fix.
It’s about the vulnerability known as CVE-2020-0796 and is in SMB version 3. The vulnerability could allow malicious attackers to execute code remotely leaving Windows 10 users vulnerable to attackers, which is why the bug is also referred to as ‘critical’. Users can get the necessary software update through Windows Update, like this reports TechCrunch.
Honored this week confirmed Microsoft the existence of the vulnerability in SMB. However, it was not intended to be released at the time, as a patch was not yet available. So Microsoft has now corrected that. By the way, users could already take measures by disabling SMBv3 compression and blocking TCP port 445.
There were already screenshots outside that talked about one wormable attack. The description suggested that the vulnerability would have similarities to the EternalBlue-exploit. “An attacker could exploit this bug by sending a custom package to a vulnerable SMBv3 server that the victim must be connected to,” Microsoft said.
–
