TTCSIRT-293.031120: TT-CSIRT ADVISORY - MICROSOFT SMBv3 VULNERABILITY
Microsoft has published an advisory for a critical remote code execution (RCE) vulnerability in Microsoft Server Message Block 3.1.1 (SMBv3). This vulnerability affects both SMB servers and SMB clients.
This vulnerability evokes memories of EternalBlue, an RCE vulnerability in Microsoft SMBv1 that was used as part of the WannaCry ransomware attacks in 2017. (Satnam Narang, Tenable)
There is currently no security patch available for this vulnerability.
– Disable SMBv3 Compression
– Block TCP port 445 at the enterprise perimeter firewall
– Follow Microsoft’s guidelines on preventing SMB traffic from lateral connections and entering or leaving the network
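
The first mitigation in the list can be audited and applied on SMB servers with PowerShell. The block below is an added example, not part of the TT-CSIRT advisory; it uses the `DisableCompression` registry value documented in Microsoft advisory ADV200005, and the function names `Get-SmbCompressionState` and `Disable-SmbCompression` are hypothetical.

```powershell
# Added example. Run from an elevated PowerShell session on the SMB server.
# Registry path and value name are the ones documented in Microsoft advisory ADV200005.
$Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$Name = 'DisableCompression'

function Get-SmbCompressionState {   # hypothetical helper name
    # 'Disabled' only when DisableCompression exists and equals 1.
    $prop = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $prop -and $prop.$Name -eq 1) { return 'Disabled' }
    return 'Enabled'                 # value absent or 0: compression still on
}

function Disable-SmbCompression {    # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $before = Get-SmbCompressionState
    if ($before -eq 'Enabled' -and $PSCmdlet.ShouldProcess($Path, "Set $Name = 1")) {
        Set-ItemProperty -Path $Path -Name $Name -Type DWord -Value 1 -Force
    }
    # Re-read so the report reflects what is actually in the registry.
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Before   = $before
        After    = Get-SmbCompressionState
    }
}

Get-SmbCompressionState          # audit only
Disable-SmbCompression -WhatIf   # dry run: shows the change without writing
Disable-SmbCompression           # apply and report before/after
```

Per ADV200005, the change takes effect without a reboot and protects SMB servers only. SMB clients remain exposed, which is why the TCP port 445 items in the list still apply.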
– Microsoft Advisory ADV200005
– Tenable Blog