As you probably know by now, Microsoft just released the third round of Patch Tuesday updates for 2020, the March Patch Tuesday Updates.
Microsoft revealed a vulnerability that was left unchecked
However, in their haste to release the notes as soon as possible, Microsoft accidentally revealed a vulnerability that was not fixed. Systems affected by the CVE-2020-0796 vulnerability include Windows 10 v1903, Windows 10 v1909, Windows Server v1903, and Windows Server v1909.
Apparently, Microsoft was planning to release a patch this Patch Tuesday but revoked it immediately. However, they included the details of the flaw in their Microsoft API, which some antivirus vendors scrape and subsequently publish.
The vulnerability is a wormable flaw in SMBv3, which happens to be the same protocol exploited by the WannaCry and NotPetya ransomware. Fortunately, no exploit code has been released.
No further details have been published on the matter, but Fortinet notes that:
a remote, unauthenticated attacker can exploit this to execute arbitrary code within the context of the application.
One workaround to this issue is to disable SMBv3 compression and block TCP port 445 on firewalls and client computers.
Note: The full update advisory is now available, and Microsoft states that the above-mentioned workaround is only good for protecting servers, but not clients.
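As an added example (not from Microsoft or the original article), the following PowerShell script audits a host for the workaround described above and applies it on request. It assumes that builds 18362 and 18363 correspond to v1903 and v1909, and that the `DisableCompression` registry value under the LanmanServer parameters is the setting documented in Microsoft's advisory; the rule name and switch names are hypothetical.

```powershell
# Added example: audit (and optionally apply) the CVE-2020-0796 workaround.
# Assumptions, not stated in the article: builds 18362/18363 = v1903/v1909,
# and DisableCompression is the value named in Microsoft's advisory.
#Requires -RunAsAdministrator
param(
    [switch]$DisableCompression,   # hypothetical switch: set the registry value
    [switch]$BlockInbound445       # hypothetical switch: add a host firewall rule
)

$key      = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$name     = 'DisableCompression'
$ruleName = 'Block inbound SMB TCP 445 (CVE-2020-0796 workaround)'

# Only v1903 and v1909 are listed as affected.
$build    = [int](Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').CurrentBuildNumber
$affected = $build -in 18362, 18363

if ($DisableCompression) {
    # Protects the SMB server side only; it does not protect SMB clients.
    Set-ItemProperty -Path $key -Name $name -Type DWord -Value 1 -Force
}
if ($BlockInbound445) {
    # Intended for client machines: this rule also stops the host from serving file shares.
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound `
            -Protocol TCP -LocalPort 445 -Action Block | Out-Null
    }
}

# Read back the current state so the report reflects what is actually configured.
$value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
$blockRules = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains '445' } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Block' -and $_.Enabled -eq 'True' }

[pscustomobject]@{
    ComputerName        = $env:COMPUTERNAME
    Build               = $build
    AffectedBuild       = $affected
    CompressionDisabled = ($value -eq 1)
    Inbound445Blocked   = [bool]$blockRules
    NeedsAttention      = $affected -and ($value -ne 1)
}
```

Run without switches, the script only reports; the output object can be collected across a fleet to find affected builds where compression is still enabled.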