
Microsoft Patches SMBv3 Wormable Bug That Leaked Earlier this Week (zdnet.com)

Microsoft today released a patch for a vulnerability in the SMBv3 protocol that accidentally leaked online earlier this week during the March 2020 Patch Tuesday preamble. From a report: The fix is available as KB4551762, an update for Windows 10, versions 1903 and 1909, and Windows Server 2019, versions 1903 and 1909. The update fixes CVE-2020-0796, a vulnerability in Server Message Block, a protocol for sharing files, printers, and other resources on local networks and the Internet. The bug allows attackers to connect to remote systems where the SMB service is enabled and run malicious code with SYSTEM privileges, allowing for remote takeovers of vulnerable systems. Earlier this week, due to what looks like a miscommunication between Microsoft and some antivirus vendors, details about this bug leaked online.

  • And now what else did they break?
    • Nothing. This is a security update not a "feature update" where the "feature" is that something no longer works.

  • Why is Microsoft patching an old Nintendo game? And I don't remember any worms in Mario games until Super Mario World....

  • by Jeremy Allison - Sam ( 8157 ) on Thursday March 12, 2020 @05:21PM (#59823762) Homepage

    Microsoft hasn't contacted us (Samba) so this almost certainly isn't a protocol level bug (they're *very* good about being proactive on these), but an error in their implementation of the SMB3 compression transform.

    In other words, a typical buffer overrun in a compression library. Gee, wonder where I've seen these before.

    Currently Samba doesn't implement that specific SMB3 compression transform header (we do implement the SMB3 encryption transform header, which isn't vulnerable), an example where being slow to implement a feature is an advantage for once :-).

    So most Linux-based SMB3 servers and NAS boxes (which use Samba) will not be affected by this (I believe - things may change as more information becomes available).

    • I still can't get Samba on Linux Mint working with Windows 10. Literally nothing I do makes it work. There's no way grandma could ever use Linux, Samba, and Windows in the same ecosystem.
      • Ask for help on the samba@lists.samba.org mailing list. We're very friendly!

      • by SeaFox ( 739806 )

        My issue wasn't with accessing a Windows system on Mint, but accessing an SMB share on my NAS, a share that worked fine on my Windows and Mac clients. I tried this [medo64.com], rebooted, and when I next tried to connect to the NAS by local IP and mount shares, it worked. So I just bookmarked the server in the file browser on Mint so I'd have easy access after that.

  • by Anonymous Coward

    We paid Microsoft more than 537 Million Dollars to write this bug into their Operating System. And now they go and close it after less than a year in production. If we weren't such a bunch of sleazy ass-fuckers ourselves we would sue!
