Out of Band Windows 10 Security Patch Released to Fix RCE Flaw in SMBv3

Mar 12, 2020 20:10 EDT

Earlier this week, details of a security vulnerability in Microsoft Server Message Block 3.1.1 (SMB) were prematurely leaked by security vendors. Only two days later, the Windows maker has issued a Windows 10 update delivering the fix for the bug.

The details were inadvertently disclosed on Patch Tuesday as part of the regular monthly security patches. The issue affects Windows 10 versions 1909 and 1903 along with Windows Server versions 1909 and 1903 (Server Core installation). This remote code execution flaw could allow an attacker to remotely run malicious code on a vulnerable computer.

Researchers at security firms had warned that the bug was wormable, raising concerns that it could turn into a WannaCry-like problem.

Windows 10 KB4551762 fixes the SMBv3 security vulnerability; should be considered a priority update

Microsoft has now released KB4551762 (Builds 18362.720 and 18363.720) for Windows 10 May 2019 Update, version 1903 and Windows 10 November 2019 Update, version 1909.

Updates a Microsoft Server Message Block 3.1.1 protocol issue that provides shared access to files and printers.

Microsoft said that today's out of band security update addresses the "remote code execution vulnerability in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests (CVE-2020-0796)."

The company added that it has not observed an attack exploiting this vulnerability, but recommends applying this update "with priority." The update is available through Windows Update and manually through Microsoft Update Catalog.
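
An added example, not from the article or from Microsoft: a Python triage of an OS-build inventory against the fixed builds named above (18362.720 and 18363.720). It compares the build revision rather than looking for KB4551762 by name, on the assumption that later cumulative updates carry the fix forward; the host names and inventory are constructed.

```python
import re

# Fixed builds named in the article: 18362.720 (version 1903), 18363.720 (version 1909).
FIXED_REVISION = {18362: 720, 18363: 720}

# Accepts "10.0.18363.657" or the short form "18363.657".
_VERSION_RE = re.compile(r"^(?:10\.0\.)?(\d+)\.(\d+)$")


def classify(version: str) -> str:
    """Classify one OS build string as patched, missing-fix, not-listed or unparsed."""
    match = _VERSION_RE.match(version.strip())
    if not match:
        return "unparsed"  # never treat an unreadable inventory value as safe
    build, revision = int(match.group(1)), int(match.group(2))
    fixed = FIXED_REVISION.get(build)
    if fixed is None:
        return "not-listed"  # build is not one the article names as affected
    # Assumption: updates are cumulative, so any revision >= .720 includes the fix.
    return "patched" if revision >= fixed else "missing-fix"


def triage(inventory: dict) -> dict:
    """Group host names by classification so missing-fix hosts can be patched first."""
    groups = {}
    for host, version in inventory.items():
        groups.setdefault(classify(version), []).append(host)
    return {status: sorted(hosts) for status, hosts in groups.items()}


# Constructed inventory (hypothetical host names), e.g. exported from an asset database.
SAMPLE_INVENTORY = {
    "ws-014": "10.0.18363.657",    # 1909, below .720
    "ws-022": "10.0.18363.720",    # 1909 with KB4551762
    "srv-core-03": "18362.693",    # 1903, below .720
    "ws-031": "10.0.18362.1016",   # 1903 on a later cumulative update
    "ws-040": "10.0.17763.1098",   # build not named in the article
    "kiosk-07": "unknown",         # agent did not report a version
}

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as `unparsed` need a manual check before they are counted as covered.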
