Critical security update - Microsoft - March 12, 2020—KB4551762

What is the purpose of this alert?

This alert is a notification that Microsoft has released new out-of-band security updates for Windows 10 v1903, Windows 10 v1909, Windows Server v1903 (Server Core installation), and Windows Server v1909 (Server Core installation).

Executive Summary

Microsoft has released new security updates to address a security vulnerability that affects Windows 10 v1903, Windows 10 v1909, Windows Server v1903 (Server Core installation), and Windows Server v1909 (Server Core installation). The vulnerability does not affect older versions of Windows.

Security Vulnerability Details

Published details for security vulnerability CVE-2020-0796 | Windows SMBv3 Client/Server Remote Code Execution Vulnerability:

 

CVE-2020-0796

Windows SMBv3 Client/Server Remote Code Execution Vulnerability

Executive Summary

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client. The security update addresses the vulnerability by correcting how the SMBv3 protocol handles these specially crafted requests.

Affected Software

Windows 10 v1903, Windows 10 v1909, Windows Server v1903 (Server Core installation), Windows Server v1909 (Server Core installation). Note: older versions of Windows are not affected by this vulnerability.

Attack Vectors

To exploit the vulnerability against a server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 server. To exploit the vulnerability against a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it.

Mitigating Factors

Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds

Disable SMBv3 compression. The CVE page at the link below documents how to disable SMBv3 compression.

Notes:

  • No reboot is needed after making the change.
  • This workaround does not prevent exploitation of SMBv3 clients.
  • Microsoft strongly recommends that you install the updates for this vulnerability as soon as they become available even if you plan to leave this workaround in place.

Steps to implement this workaround are provided in the CVE details page at the link below. Steps for how to disable the workaround are also documented in the CVE details page.

Impact

Remote Code Execution

Severity

Critical

Publicly Disclosed?

Yes. 

(See https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200005)

Known Exploits?

No

Exploitability Index Rating

1 - Exploitation More Likely

More Details (CVE details page)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796

 

Answers to anticipated questions

Q: How do I get the update for this issue?

A: The updates are now available via the Microsoft Update Catalog, Windows Update and WSUS. You can get the update in Windows via Settings > Windows Update > Check for Updates.  

 

Q: Does this vulnerability affect versions of Windows other than Windows 10 v1903, Windows 10 v1909, Windows Server v1903 (Server Core installation), and Windows Server v1909 (Server Core installation)?

A: No. Only these versions of Windows are affected by this vulnerability. 

 

Q: Does this update require a reboot?

A: Yes – this update will require a reboot.    

 

Q: Where can I find the status of documented issues from previous Windows update releases?

A: You can find the status of documented issues in the Known Issues section of the KB article for the respective update. The status of documented issues in previous Windows updates is also summarized in the Windows Release Information portal: https://docs.microsoft.com/windows/release-information/.

 

Recommended actions

Please review the CVE-2020-0796 webpage at the link below for details about the vulnerability, download links, affected software, workarounds, CVSS score, and additional details. Prioritize deploying these new updates in your environment.

 
