H L Data Storage Store Banner 970x90
Breaking News

Linksys Brings Best in Class WiFi Performance to the Home with New Series of Affordable WiFi 6 Mesh Solutions Micron announces upcoming availability of Crucial P3 Plus and Crucial P3 NVMe SSDs addlink Virtual Showcase 2022: AddGame SPIDER X5 DDR5 RGB Memory Line-up NVIDIA Adds Liquid-Cooled GPUs for Sustainable, Efficient Computing Asus introduces the world's first 500Hz monitor

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Microsoft Discloses Unpatched Critical SMB Vulnerability in Windows

Microsoft Discloses Unpatched Critical SMB Vulnerability in Windows

Enterprise & IT Mar 11,2020 0

Microsoft, which has recently issued its latest patches for Windows, has also disclosed an unpatched critical vulnerability in the Microsoft Server Message Block 3.1.1 (SMBv3) protocol.

The vulnerability affects ARM64, 32- and 64-bit editions of Windows 10 versions 1903 and 1909, as well as Windows Server versions 1903 and 1909.

According to a Microsoft security advisory, the company is aware of a remote code execution vulnerability in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests.

"An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target SMB Server or SMB Client. To exploit the vulnerability against an SMB Server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 Server. To exploit the vulnerability against an SMB Client, an unauthenticated attacker would need to configure a malicious SMBv3 Server and convince a user to connect to it," Microsoft says.

According to cybersecurity firm FortiGuard Labs, the MS.SMB.Server.Compression.Transform.Header.Memory.Corruption is described as "an attack attempt to exploit a Buffer Overflow Vulnerability in Microsoft SMB Servers".

"The vulnerability is due to an error when the vulnerable software handles a maliciously crafted compressed data packet. A remote, unauthenticated attacker can exploit this to execute arbitrary code within the context of the application", the firm says.

Microsoft suggests a workaround that involves disabling SMBv3 compression, although the company points out that while this will block unauthenticated attackers, it does not prevent SMB clients from being exploited. To disable compression, use the following PowerShell command:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force

Microsoft also advises people to block TCP port 445 at the enterprise perimeter firewall.

Tags: windows 10MicrosoftpatchCybersecurity
Previous Post
Sharp Files Patent Infringement Lawsuit Against Vizio
Next Post
LG's 2020 TV Lineup is Rolling Out

Related Posts

  • Apple, Google, and Microsoft commit to expanded support for FIDO standard

  • Microsoft to acquire Activision Blizzard to bring the joy and community of gaming to everyone, across every device

  • Introducing new Surface products, built for Windows 11

  • Introducing Windows 11

  • Microsoft announces Surface Laptop 4

  • Whats best for you MAC or PC?

  • Microsoft Introduces Surface Pro 7+

  • Minecraft with RTX Now Officially Available For All Windows 10 Players

H L Data Storage Store Banner 300x600

 

Latest News

Linksys Brings Best in Class WiFi Performance to the Home with New Series of Affordable WiFi 6 Mesh Solutions
Enterprise & IT

Linksys Brings Best in Class WiFi Performance to the Home with New Series of Affordable WiFi 6 Mesh Solutions

Micron announces upcoming availability of Crucial P3 Plus and Crucial P3 NVMe SSDs
PC components

Micron announces upcoming availability of Crucial P3 Plus and Crucial P3 NVMe SSDs

addlink Virtual Showcase 2022: AddGame SPIDER X5 DDR5 RGB Memory Line-up
PC components

addlink Virtual Showcase 2022: AddGame SPIDER X5 DDR5 RGB Memory Line-up

NVIDIA Adds Liquid-Cooled GPUs for Sustainable, Efficient Computing
GPUs

NVIDIA Adds Liquid-Cooled GPUs for Sustainable, Efficient Computing

Asus introduces the world's first 500Hz monitor
Gaming

Asus introduces the world's first 500Hz monitor

Popular Reviews

CeBIT 2005

CeBIT 2005

CeBIT 2006

CeBIT 2006

Zidoo Z9S 4K Media Player review

Zidoo Z9S 4K Media Player review

LiteOn iHBS112 review

LiteOn iHBS112 review

Club3D HD3850

Club3D HD3850

Pioneer BDR-2207 (BDR-207M) BDXL burner review

Pioneer BDR-2207 (BDR-207M) BDXL burner review

External USB Slim Recorders Comparison

External USB Slim Recorders Comparison

Crucial P1 NVMe 1TB SSD review

Crucial P1 NVMe 1TB SSD review

  • Home
  • News
  • Reviews
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed