Breaking News

KIOXIA Launches High-Capacity 1TB MicroSD Memory Cards BIOSTAR SHOWCASES THE ULTIMATE BUSINESS SOLUTION: THE B650MT MOTHERBOARD AND AMD RYZEN 5 PRO 7645 PROCESSOR COMBO Leica Watch ZM 1 Gold Limited Edition PlayStation Plus Monthly Games for December: Lego 2K Drive, Powerwash Simulator, Sable Samsung TV Plus Update Makes Browsing and Viewing Content Easier and Faster

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Microsoft Discloses Unpatched Critical SMB Vulnerability in Windows

Microsoft Discloses Unpatched Critical SMB Vulnerability in Windows

Enterprise & IT Mar 11,2020 0

Microsoft, which has recently issued its latest patches for Windows, has also disclosed an unpatched critical vulnerability in the Microsoft Server Message Block 3.1.1 (SMBv3) protocol.

The vulnerability affects ARM64, 32- and 64-bit editions of Windows 10 versions 1903 and 1909, as well as Windows Server versions 1903 and 1909.

According to a Microsoft security advisory, the company is aware of a remote code execution vulnerability in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests.

"An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target SMB Server or SMB Client. To exploit the vulnerability against an SMB Server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 Server. To exploit the vulnerability against an SMB Client, an unauthenticated attacker would need to configure a malicious SMBv3 Server and convince a user to connect to it," Microsoft says.

According to cybersecurity firm FortiGuard Labs, the MS.SMB.Server.Compression.Transform.Header.Memory.Corruption is described as "an attack attempt to exploit a Buffer Overflow Vulnerability in Microsoft SMB Servers".

"The vulnerability is due to an error when the vulnerable software handles a maliciously crafted compressed data packet. A remote, unauthenticated attacker can exploit this to execute arbitrary code within the context of the application", the firm says.

Microsoft suggests a workaround that involves disabling SMBv3 compression, although the company points out that while this will block unauthenticated attackers, it does not prevent SMB clients from being exploited. To disable compression, use the following PowerShell command:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force

Microsoft also advises people to block TCP port 445 at the enterprise perimeter firewall.

Tags: windows 10MicrosoftpatchCybersecurity
Previous Post
Sharp Files Patent Infringement Lawsuit Against Vizio
Next Post
LG's 2020 TV Lineup is Rolling Out

Related Posts

  • Activision Blizzard King to Team Xbox

  • NVIDIA Studio Lineup Adds RTX-Powered Microsoft Surface Laptop Studio 2

  • Samsung and Microsoft Unveil First On-Device Attestation Solution for Enterprise

  • Introducing Xbox Game Pass Core, Coming This September

  • Announcing the next wave of AI innovation with Microsoft Bing and Edge

  • Microsoft Announces Security Copilot AI

  • Microsoft breaks new ground in healthcare with the next evolution of AI

  • ChatGPT is now available in Azure OpenAI Service

Latest News

KIOXIA Launches High-Capacity 1TB MicroSD Memory Cards
Cameras

KIOXIA Launches High-Capacity 1TB MicroSD Memory Cards

BIOSTAR SHOWCASES THE ULTIMATE BUSINESS SOLUTION: THE B650MT MOTHERBOARD AND AMD RYZEN 5 PRO 7645 PROCESSOR COMBO
Enterprise & IT

BIOSTAR SHOWCASES THE ULTIMATE BUSINESS SOLUTION: THE B650MT MOTHERBOARD AND AMD RYZEN 5 PRO 7645 PROCESSOR COMBO

Leica Watch ZM 1 Gold Limited Edition
Consumer Electronics

Leica Watch ZM 1 Gold Limited Edition

PlayStation Plus Monthly Games for December: Lego 2K Drive, Powerwash Simulator, Sable
Gaming

PlayStation Plus Monthly Games for December: Lego 2K Drive, Powerwash Simulator, Sable

Samsung TV Plus Update Makes Browsing and Viewing Content Easier and Faster
Consumer Electronics

Samsung TV Plus Update Makes Browsing and Viewing Content Easier and Faster

Popular Reviews

Pioneer BDR-S13U-X Blu-Ray Recorder

Pioneer BDR-S13U-X Blu-Ray Recorder

Arctic Liquid Freezer II 360 Α-RGB

Arctic Liquid Freezer II 360 Α-RGB

Pioneer BDR-X13U-S

Pioneer BDR-X13U-S

Pioneer BDR-XD08UMB-S External Blu-Ray Recorder

Pioneer BDR-XD08UMB-S External Blu-Ray Recorder

Verbatim External 4K Slimline Blu-Ray Recorder

Verbatim External 4K Slimline Blu-Ray Recorder

Surefire KINGPIN M2 Keyboard

Surefire KINGPIN M2 Keyboard

Samsung 970 EVO Plus 2TB NVME SSD

Samsung 970 EVO Plus 2TB NVME SSD

Crucial X8 4TB PortableSSD

Crucial X8 4TB PortableSSD

Main menu

  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed