Smile On Fridays secured coverage in The Daily Swig for Tenable

Windows SMB: Accidental bug disclosure prompts emergency security patch

Microsoft released an out-of-band security update to patch a remote code execution (RCE) vulnerability impacting Server Message Block (SMB) on Thursday, just two days after its regular Patch Tuesday releases.

The software vendor was obliged to rush out a fix after security partner inadvertently disclosed details of the flaw, which is of a type previously exploited by high-profile threats such as the WannaCry worm.

If left unaddressed, the vulnerability (CVE-2020-0796) in Microsoft SMB 3.1.1 (SMBv3) could be exploited by a remote attacker to plant malicious code on vulnerable systems.

Exploitation would involve sending a specially crafted, compressed data packets to a targeted SMBv3 server.

The flaw stems from bugs in how “Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests”, an advisory from Microsoft explains.

Charley Nash

Previous PostSmile On Fridays secured coverage in The Guardian for Tenable
Next PostSmile On Fridays secured coverage in Forbes for Edgescan

© 2018 Smile on Fridays. All Rights Reserved | Website by TCMarketing