If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
Microsoft patches SMBv3 wormable bug that leaked earlier this week CVE-2020-079 KB4551762
Microsoft patches SMBv3 wormable bug that leaked earlier this week
https://www.zdnet.com/article/microsoft-patches-smbv3-wormable-bug-that-leaked-earlier-this-week/ "Emergency out-of-band fix for CVE-2020-0796 is now rolling out" "The fix is available as KB4551762, an update for Windows 10, versions 1903 and 1909, and Windows Server 2019, versions 1903 and 1909." "The bug allows attackers to connect to remote systems where the SMB service is enabled and run malicious code with SYSTEM privileges, allowing for remote takeovers of vulnerable systems." See also: o Details about new SMB wormable bug leak in Microsoft Patch Tuesday snafu https://www.zdnet.com/article/details-about-new-smb-wormable-bug-leak-in-microsoft-patch-tuesday-snafu/ "SMB vulnerability is currently not patched, but now everyone knows it's there" o March 12, 2020¡XKB4551762 (OS Builds 18362.720 and 18363.720) https://support.microsoft.com/en-us/help/4551762/windows-10-update-kb4551762 "1903-OS Build 18362.720 and 1909-OS Build 18363.720" o We've just finished our first internet wide scan for CVE-2020-0796 and have identified 48000 vulnerable hosts. https://twitter.com/kryptoslogic/status/1238069159919063050 o ADV200005 | Microsoft Guidance for Disabling SMBv3 Compression https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200005 "You can disable compression to block unauthenticated attackers from exploiting the vulnerability against an SMBv3 Server with the PowerShell command below. Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanSer ver\Parameters" DisableCompression -Type DWORD -Value 1 -Force" -- Only 2 kinds of people are on Usenet: Those adding value & those who can't. |
Ads |
Thread Tools | |
Display Modes | Rate This Thread |
|
|