Microsoft has today confirmed a remote code execution vulnerability in the file sharing service SMBv3.
The report states that Versions 1903 and 1909 of Windows 10 and Windows Server are vulnerable to an attack.
SMB is a network file sharing protocol used to exchange information over a network. Microsoft SMBv3 is the implementation that allows a system to share files and printers across a network.
In order for an attacker to exploit this vulnerability, the attacker must create a malicious SMBv3 server and convince an unsuspecting user to connect to it.
For example, it is possible for a remote attacker to create a social engineering campaign that encourages users to connect to a malicious file share link that is hosted outside of the network's perimeter.
At the time of writing this advisory, no hotfixes have been provided by Microsoft.
To minimise the impact of external exploitation, it is recommended to block all SMB connections leaving the LAN through the WAN interface.
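One way to check that this block is effective is to review perimeter flow logs for SMB traffic going from LAN hosts to external addresses. The following is an added example, not part of the original advisory or any Microsoft tooling; the log format, the `outbound_smb` function and the LAN ranges are assumptions, and the log lines are constructed sample data.

```python
import csv
import io
import ipaddress

# TCP 445 is direct-hosted SMB; TCP 139 is SMB over the NetBIOS session service.
SMB_PORTS = {445, 139}
# Assumption: the LAN uses the RFC 1918 ranges; adjust to the real site.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample flow log: time, src, dst, proto, dst_port, action
SAMPLE_LOG = """\
2020-03-11T09:00:01Z,192.168.1.20,192.168.1.5,tcp,445,allow
2020-03-11T09:00:07Z,192.168.1.20,203.0.113.50,tcp,445,allow
2020-03-11T09:01:15Z,10.2.3.4,198.51.100.7,tcp,445,deny
2020-03-11T09:02:30Z,192.168.1.31,203.0.113.50,tcp,443,allow
2020-03-11T09:03:02Z,172.16.9.9,198.51.100.7,tcp,139,allow
2020-03-11T09:04:00Z,bad-ip,203.0.113.50,tcp,445,allow
"""

def is_lan(addr):
    return any(addr in net for net in LAN_NETS)

def outbound_smb(log_text):
    """Return (allowed, denied) lists of LAN-to-external SMB flows."""
    allowed, denied = [], []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 6:
            continue  # skip lines that do not match the assumed format
        ts, src, dst, proto, port, action = (f.strip() for f in row)
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue  # skip unparseable addresses or ports
        if proto.lower() != "tcp" or port not in SMB_PORTS:
            continue
        if not is_lan(src_ip) or is_lan(dst_ip):
            continue  # only LAN source to non-LAN destination is of interest
        (allowed if action.lower() == "allow" else denied).append((ts, src, dst, port))
    return allowed, denied

if __name__ == "__main__":
    allowed, denied = outbound_smb(SAMPLE_LOG)
    for ts, src, dst, port in allowed:
        print(f"NOT BLOCKED {ts} {src} -> {dst}:{port}")
    print(f"{len(denied)} outbound SMB flow(s) blocked at the perimeter")
```

Any flow in the first list means the WAN-side block is missing or incomplete for that host.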
Affected Products
- Windows 10 Version 1903 for 32-bit Systems
- Windows 10 Version 1903 for x64-based Systems
- Windows 10 Version 1903 for ARM64-based Systems
- Windows Server, version 1903 (Server Core installation)
- Windows 10 Version 1909 for 32-bit Systems
- Windows 10 Version 1909 for x64-based Systems
- Windows 10 Version 1909 for ARM64-based Systems
- Windows Server, version 1909 (Server Core installation)
Impact
Failing to update puts your systems at risk, with attackers able to gain access to and control of systems remotely.
Next steps
Don’t put your network and data at risk. To minimise the impact of external exploitation, it is recommended to block all SMB connections leaving the LAN through the WAN interface.
More information
portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200005
Need help?
Secure your business, through ours.
Our team of experts is available to help with Network and Security Engineering support.
Get in touch support@redpiranha.net