Microsoft gives advice for vulnerability in SMBv3 protocol

Teodor Nechita


A few days ago Microsoft rolled out the March Patch Tuesday Updates and provided updates for all versions of Windows 10. However, not everything went all that smoothly.

In their haste to release the notes as soon as possible, Microsoft accidentally disclosed a vulnerability that had not yet been fixed, CVE-2020-0796. Affected systems include Windows 10 v1903, Windows 10 v1909, Windows Server v1903, and Windows Server v1909.

Microsoft creates an advisory page for the SMBv3 vulnerability

Following this minor incident, Microsoft published an advisory page with a few tips for users to protect themselves against exploits of this vulnerability.

According to the page:

To exploit the vulnerability against an SMB Server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 Server. To exploit the vulnerability against an SMB Client, an unauthenticated attacker would need to configure a malicious SMBv3 Server and convince a user to connect to it.

What makes matters worse is that all recent versions of Windows 10 and Windows Server are affected by the vulnerability that Microsoft rates as critical, the highest severity rating:

  • Windows 10 version 1903
    • both 32-bit and 64-bit, and ARM.
  • Windows 10 version 1909
    • both 32-bit and 64-bit, and ARM.
  • Windows Server version 1903.
  • Windows Server version 1909.

There is a workaround for the SMBv3 issue

The bad news is that the vulnerability is in the compression functionality of SMBv3. Microsoft suggests that organizations disable compression on servers to protect them against attacks.

The good news is that system administrators can make this change with a single PowerShell command, which Microsoft also posted within the advisory page:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force

However, note that this change is merely a workaround, and it will not protect clients in any way. Thus, until Microsoft comes up with a permanent fix for the issue, all users can do is wait.
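
The following PowerShell is an added example, not part of Microsoft's advisory or the original article: it checks whether the machine runs one of the versions listed above, reports whether the DisableCompression value is set, and applies the server-side workaround only where it is missing. The function names are hypothetical, and the version check assumes the ReleaseId value under the standard CurrentVersion registry key.

```powershell
# Added example: audit and apply the server-side DisableCompression workaround.
# Function names are hypothetical. Run from an elevated PowerShell session.
$ParamsKey        = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$VersionKey       = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$AffectedVersions = '1903', '1909'   # versions named in the article

function Get-SmbCompressionState {
    # ReleaseId holds the feature version of Windows 10 / Windows Server, e.g. "1909".
    $release = (Get-ItemProperty -Path $VersionKey).ReleaseId
    # The value does not exist by default; missing or 0 means compression is still enabled.
    $value = (Get-ItemProperty -Path $ParamsKey -Name DisableCompression `
                  -ErrorAction SilentlyContinue).DisableCompression
    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        ReleaseId          = $release
        AffectedVersion    = $release -in $AffectedVersions
        DisableCompression = $value
        WorkaroundApplied  = ($value -eq 1)
    }
}

function Set-SmbCompressionWorkaround {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $state = Get-SmbCompressionState
    if (-not $state.AffectedVersion) {
        Write-Verbose "Release $($state.ReleaseId) is not in the affected list; no change made."
        return $state
    }
    if (-not $state.WorkaroundApplied -and
        $PSCmdlet.ShouldProcess($ParamsKey, 'Set DisableCompression = 1')) {
        Set-ItemProperty -Path $ParamsKey -Name DisableCompression `
            -Type DWord -Value 1 -Force
    }
    # Re-read the registry so the report reflects what is actually set.
    Get-SmbCompressionState
}

Set-SmbCompressionWorkaround -Verbose | Format-List
```

Append -WhatIf to the last call to preview the change without writing to the registry. A WorkaroundApplied result of True covers only the SMB server role on that machine; as noted above, the client side remains exposed.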

What’s your take on Microsoft’s advice and workarounds? Share your thoughts in the comments section below and we’ll continue the talk.