Defense

A recent information disclosure by Microsoft revealed there is a remote code execution vulnerability in the SMB3 services (client and server). This vulnerability could be leveraged in a similar manner to MSBLASTER/NACHI/WannaCry etc.

This is a CRITICAL vulnerability, yet currently there are no reports of this being exploited in the wild (expect that to change in the near future).

Microsoft has just released an out of band patch for this:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796

The patch applies to the following OS versions: Windows 10 version 1903, Windows Server version 1903, Windows 10, version 1909 and Windows Server version 1909.

There is also a workaround (check its impact beforehand): disabling compression protects the server side, but it will not protect against client-side exploitation.

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force
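To confirm where the workaround has actually landed, the read-only check below is an added example (not from Microsoft or the original post). The function name and output fields are hypothetical, and it assumes the `ReleaseId` registry value reports the version (1903/1909) and that PowerShell remoting is available when `-ComputerName` is used. It does not check whether the patch itself is installed.

```powershell
# Added example: audit the SMB3 compression workaround. Makes no changes.
function Get-SmbCompressionWorkaroundState {
    [CmdletBinding()]
    param(
        # Hosts to query over PowerShell remoting; omit to check the local machine.
        [string[]]$ComputerName
    )

    $check = {
        $paramKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        $verKey   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

        # Assumption: ReleaseId holds the four-digit version on these builds.
        $release = (Get-ItemProperty -Path $verKey -ErrorAction SilentlyContinue).ReleaseId

        # The value is absent by default, which means compression is still enabled.
        $value    = (Get-ItemProperty -Path $paramKey -ErrorAction SilentlyContinue).DisableCompression
        $disabled = ($value -eq 1)

        # Versions the post lists as covered by the patch.
        $inScope = @('1903', '1909') -contains $release

        if (-not $inScope) { $status = 'NotInScope' }
        elseif ($disabled) { $status = 'ServerWorkaroundApplied' }
        else               { $status = 'ServerWorkaroundMissing' }

        [pscustomobject]@{
            ComputerName        = $env:COMPUTERNAME
            ReleaseId           = $release
            CompressionDisabled = $disabled
            Status              = $status
            # The workaround covers the server side only; clients still need the patch.
            Note                = 'Client side not covered by workaround'
        }
    }

    if ($ComputerName) {
        Invoke-Command -ComputerName $ComputerName -ScriptBlock $check
    }
    else {
        & $check
    }
}

Get-SmbCompressionWorkaroundState | Format-List
```

Hosts reporting `ServerWorkaroundMissing` are the ones to prioritise for patching or for applying the registry change above.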

Get patching, people! You can deploy this standalone (via the .msu downloads) or via Windows Update etc. (or via an RMM solution).

In testing, this patch requires a reboot.

Useful Security Practices

While we are here it’s a good time (once you have patched!) to think about some more generic good practices around security management.

Consider the following:

  • Ensure you are alerted to critical security notifications for your systems
  • Ensure you have a robust and reliable patch management capability
  • Conduct regular vulnerability scanning
  • Disable services not in use
  • Look at using host-based firewall rules to restrict access to sensitive services to an admin jump box (PAWS)
  • Look to leverage mobile device management to ensure your devices are manageable both on and off the network
  • Ensure you communicate with your staff to ensure patching doesn’t create business change issues
  • It’s wise to test deployments in a test environment and/or on a small sample of users first to ensure patches don’t cause a negative business impact

Keeping technology well managed, secured and updated requires some planning, but modern operating systems and management toolsets can help you ensure your business has robust and reliable technology services. Patching isn’t easy; there are lots of things to consider (hence why I’m writing the blog), but if you approach it in a sensible manner and keep on top of things, it’s a lot better than being pwn3d and ransomed etc.

Stay safe and keep those systems up to date!
