Microsoft has released a patch for the security vulnerability in Microsoft Server Message Block 3.1.1. Security researchers have now developed proof-of-concepts that demonstrate opportunities for abuse.
Security update KB4551762 is a fix for the vulnerability with designation CVE-2020-0796 Microsoft from Tuesday to Wednesday announced, then with few details. The patch is available for versions 1903 and 1909 of Windows 10 and versions 1903 and 1909 of Windows Server Core installations. These are the vulnerable Windows versions. Earlier, the company reported that the workaround is the SMBv3.1.1 compression can be turned off.
The vulnerability is in the way that Microsoft Server Message Block 3.1.1, the latest version of MIcrosoft’s SMB protocol, handles certain requests. When misused, this allows execution of code on an SMB server or client. The attacker would have to send a rogue data packet to an SMBv3 server, or persuade a client to connect to a malicious SMBv3 server. Windows versions earlier than 1903 are not vulnerable because they do not support SMBv3.1.1 compression.
Bleeping Computer writes that several researchers have now written proof-of-concept code to demonstrate the possibilities for abuse. For example, Kryptos Logic shows a video of a denial of service exploit which causes a blue screen, while Sophos has a local privilege escalation exploit demonstrates for increasing rights. The demonstrations show that abuse is possible in practice.
–
