Microsoft releases emergency patch for SMBv3 protocol vulnerability

The details of the security flaw were accidentally released earlier this week

Microsoft has released an emergency out-of-band fix for a vulnerability affecting the SMBv3 (Server Message Block 3.0) network communication protocol in Windows 10 and Windows Server 2019 systems.

The details of the bug, tracked as CVE-2020-0796, were accidentally released earlier this week due to a miscommunication between Microsoft and some security vendors. The vendors received bug details as part of the Microsoft Active Protections Programme and published them on their websites.

Following the information leak, Microsoft was forced to publish a security advisory on the bug later on Tuesday, together with mitigation instructions.

The fix for this remote code execution (RCE) flaw is now available as the KB4551762 security update, which can be installed either by manually downloading it from the Microsoft Update Catalog or by checking for updates via Windows Update.

The update is available for Windows 10 (versions 1903 and 1909) and Windows Server 2019 (versions 1903 and 1909).

According to Microsoft, this network communication flaw exists in the way that the Microsoft SMBv3 protocol handles certain requests.

The SMB protocol is used to enable sharing of printers, files, and other resources on local networks and the internet.

Microsoft said that the vulnerability could enable an attacker to connect to remote systems that have SMB enabled, and to execute malicious code with full privileges, thus enabling remote hijacking of vulnerable systems.

"To exploit the vulnerability against a server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 server. To exploit the vulnerability against a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it," the company revealed.

Security experts now fear CVE-2020-0796 could be weaponised by threat actors to create self-spreading SMB worms, with capabilities similar to NotPetya and WannaCry ransomware strains.

Researchers at cyber security firm Kryptos Logic said on Thursday that following an Internet-wide scan, they identified roughly 48,000 Windows 10 hosts that are vulnerable to potential attacks targeting the CVE-2020-0796 flaw.

Some researchers said they have developed basic proof-of-concept (PoC) demos, showing how the bug could be used to take over vulnerable systems.