According to the latest reports, Microsoft Windows 10 computers and Windows Servers are vulnerable because of a flaw in the SMBv3 protocol. Microsoft accidentally confirmed this on Patch Day. However, the company was unable to deliver a suitable update for the vulnerability.
A new security vulnerability, tracked as “CVE-2020-0796”, has been known for a few hours. It leaves the Server Message Block protocol version 3 open to intruders and malware. Affected are Windows 10 and Windows Server Core installations at versions 1903 and 1909, on 32-bit, 64-bit, and ARM64 systems. Although Microsoft may have postponed an update that fixes the problem at short notice, security providers such as Fortinet and Cisco Talos had nevertheless been informed about the SMBv3 vulnerability, which was classified as serious.
System Control Can Be Achieved by a Remote Attack
Fortinet describes the software vulnerability, which experts already call “SMBGhost” and compare with worm-like malware such as WannaCry, NotPetya, and EternalBlue, as follows: “This indicates an attempted attack in which a buffer overflow vulnerability in Microsoft SMB servers is to be exploited. The vulnerability was caused by an error when the vulnerable software processed a maliciously crafted compressed data packet. A remote, unauthenticated attacker could use this to execute arbitrary code in the context of the application.”
So far, neither technical details nor the corresponding code for the vulnerability have been published. Microsoft, however, might release a security patch for Windows 10 soon, as attention to the vulnerability grows. Microsoft commented briefly in a security update guide and recommends that, until a solution arrives in the form of a possible emergency patch for Windows 10 and Windows Server systems, affected users and server administrators disable SMBv3 compression and block TCP port 445 in the respective firewall settings. As a workaround, this should help ward off attacks from outside. Microsoft has not yet announced when an update is expected.
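The two workarounds named above can be audited and applied from PowerShell. The script below is an added example, not taken from the article or from Microsoft; the registry path and value name, the build numbers for versions 1903 and 1909, and the firewall rule name are assumptions that do not appear in the text.

```powershell
# Added example (not from the article): audit, and optionally apply, the two workarounds.
# Run from an elevated PowerShell session on the host being checked.
param([switch]$Apply)   # without -Apply the script only reports

# Assumption: registry location of the SMBv3 compression switch (not stated in the article).
$ParamsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
# Assumption: OS build numbers corresponding to versions 1903 and 1909.
$AffectedBuilds = 18362, 18363

function Test-SmbCompressionDisabled {
    # True only when the DisableCompression value exists and is set to 1.
    $p = Get-ItemProperty -Path $ParamsKey -Name DisableCompression -ErrorAction SilentlyContinue
    return ($null -ne $p -and $p.DisableCompression -eq 1)
}

function Test-Port445Blocked {
    # Exact-port match only; a block rule written as a range (e.g. 400-500) is not detected.
    $rules = Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True -ErrorAction SilentlyContinue
    foreach ($r in $rules) {
        $f = $r | Get-NetFirewallPortFilter
        if ($f.Protocol -eq 'TCP' -and $f.LocalPort -contains '445') { return $true }
    }
    return $false
}

$build = [Environment]::OSVersion.Version.Build
$report = [pscustomobject]@{
    Build               = $build
    AffectedVersion     = $AffectedBuilds -contains $build
    CompressionDisabled = Test-SmbCompressionDisabled
    Port445Blocked      = Test-Port445Blocked
}
$report | Format-List

if ($Apply -and $report.AffectedVersion) {
    if (-not $report.CompressionDisabled) {
        # Server-side setting; does not change how this host behaves as an SMB client.
        Set-ItemProperty -Path $ParamsKey -Name DisableCompression -Type DWord -Value 1 -Force
    }
    if (-not $report.Port445Blocked) {
        # Blocking 445 inbound also stops legitimate file sharing to this host.
        New-NetFirewallRule -DisplayName 'Block inbound SMB TCP 445 (workaround)' `
            -Direction Inbound -Protocol TCP -LocalPort 445 -Action Block | Out-Null
    }
    "Workarounds applied: compression disabled = $(Test-SmbCompressionDisabled), 445 blocked = $(Test-Port445Blocked)"
}
```

On file servers that must keep serving shares, the port block belongs on the perimeter firewall rather than on the host, and only the compression setting should be applied locally.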