Windows has a New Wormable Vulnerability -- No Patch in Sight
DannyB writes:
Windows has a new wormable vulnerability, and there's no patch in sight:
The vulnerability exists in version 3.1.1 of the Server Message Block 3.1.1 that's used to share files, printers, and other resources on local networks and over the Internet. Attackers who successfully exploit the flaw can execute code of their choice on both servers and end-user computers that use the vulnerable protocol, Microsoft said in this bare-bones advisory.
The flaw, which is tracked as CVE-2020-0796, affects Windows 10 and Windows Server 2019, which are relatively new releases that Microsoft has invested huge amounts of resources hardening against precisely these types of attacks. Patches aren't available, and Tuesday's advisory gave no timeline for one being released.
[...] In the meantime, Microsoft said vulnerable servers can be protected by disabling compression to block unauthenticated attackers from exploiting the vulnerability against an SMBv3 server. Users can use the following PowerShell command to turn off compression without needing to reboot the machine:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -ForceThat fix won't protect vulnerable client computers from attack. Microsoft also recommended users block port 445, which is used to send SMB traffic between machines.
[...] Jake Williams, a former NSA hacker and the founder of security firm Rendition Security, said in a Twitter thread that both those factors would likely buy vulnerable networks time.
"The TL;DR here is that this IS serious, but it isn't WannaCry 2.0," he wrote. "Fewer systems are impacted and there's no readily available exploit code. I'm not thrilled about another SMB vuln, but we all knew this would come (and this won't be the last). Hysteria is unwarranted though."
As if admins who are trying to support all the additional people who are trying to work remotely - thanks to COVID-19 - had nothing else to worry about.
Read more of this story at SoylentNews.