By Bruce Sussman
Wed | Mar 11, 2020 | 7:46 AM PDT

Did Microsoft accidentally create a Zero-Day that hackers are attempting to exploit right now?

It at least gave them a clue on where to look for it.

Microsoft issued more than 100 security patches and related notices on March 10, 2020. But one of the items on the list was not supposed to be there—at least not yet.

Cybersecurity vendors caught notice of a wormable Microsoft Server Message Block (SMB) vulnerability designated as CVE-2020-0796.

However, following the notification, Microsoft did not issue a patch for the problem. On March 11, the company said there was no patch ready for the SMB security hole.

[Update: Microsoft issues emergency patch on March 12]

What is the Microsoft SMB vulnerability about?

FortiGuard Labs posted more on what the vulnerability is about:

"This indicates an attack attempt to exploit a Buffer Overflow Vulnerability in Microsoft SMB Servers. The vulnerability is due to an error when the vulnerable software handles a maliciously crafted compressed data packet. A remote, unauthenticated attacker can exploit this to execute arbitrary code within the context of the application."

According to Fortinet, impacted products include:
  • Windows 10 Version 1903 for 32-bit Systems
  • Windows 10 Version 1903 for x64-based Systems
  • Windows 10 Version 1903 for ARM64-based Systems
  • Windows Server, version 1903 (Server Core installation)
  • Windows 10 Version 1909 for 32-bit Systems
  • Windows 10 Version 1909 for x64-based Systems
  • Windows 10 Version 1909 for ARM64-based Systems
  • Windows Server, version 1909 (Server Core installation)

Workaround for SMB vulnerability

After news of this issue came to light, Microsoft did issue Security Advisory ADV200005. It said there was no patch; however, there is a workaround for the vulnerability.

The workaround requires you to disable SMBv3 Server with a specific PowerShell command. You can read about it here.

[Story Update: Microsoft issues emergency patch on March 12]

Cybersecurity podcast: How bug bounties create patches

How does the cybersecurity patching ecosystem work? And what kind of positive impact does it make on security?

Listen to our interview with Brian Gorenc, who directs the Zero Day Initiative (ZDI), the world's largest vendor-agnostic bug bounty program.
