Microsoft has released a Windows patch for a security vulnerability that was prematurely disclosed earlier this week. A successful exploit of the server message block (SMB) bug in the latest version of Windows could allow an attacker to remotely run malicious code on any vulnerable computer.
Satnam Narang, Principal Research Engineer at Tenable, said, “Microsoft released an out-of-band patch for CVE-2020-0796, a critical remote code execution vulnerability in Server Message Block 3.1.1 (SMBv3) for Microsoft Windows 10 versions 1903 and 1909 and Windows Server 1903 and 1909. This ‘wormable’ flaw, dubbed EternalDarkness, was initially disclosed mistakenly on Patch Tuesday by another security vendor. The patch addresses the way the SMBv3 protocol handles specially crafted requests using compression.
Prior to the patch being released, we had already seen proof-of-concept scripts to identify vulnerable instances, as well as attempts to exploit the flaw. With the patch now available, we expect these efforts to continue, as both the security community and threat actors seek out a working exploit. Because the vulnerability affects specific versions of Windows 10 and Windows Server, the impact of a working exploit will be less severe than what we saw in the case of EternalBlue, which affected SMBv1 and had a much larger footprint across the world.
However, Microsoft rarely patches a vulnerability outside of its normal patch cycle, which means organizations and users should take this vulnerability very seriously. We strongly urge everyone affected to apply these patches as soon as possible because of the severity of and interest in the flaw.”