Government of the Republic of Trinidad and Tobago
gov.tt

TTCSIRT-293.031120: TT-CSIRT ADVISORY- MICROSOFT SMBv3 VULNERABILITY

TTCSIRT-293.031120: TT-CSIRT ADVISORY- MICROSOFT SMBv3 VULNERABILITY

Microsoft has published an advisory for a critical remote code execution (RCE) vulnerability in Microsoft Server Message Block 3.1.1 (SMBv3). This vulnerability affects both SMB servers and SMB clients.
.
This vulnerability evokes memories of EternalBlue, an RCE vulnerability in Microsoft SMBv1 that was used as part of the WannaCry ransomware attacks in 2017. (Satnam Narang, Tenable)
.
There is currently no security patch available for this vulnerability.
.
Workarounds:
– Disable SMBv3 Compression
– Block TCP port 445 at the enterprise perimeter firewall
Follow Microsoft’s guidelines on preventing SMB traffic from lateral connections and entering or leaving the network
.
Sources:
Microsoft Advisory ADV200005
Tenable Blog
Fortiguard

0 March 11, 2020
Security Advisories
Language
April 2024
M T W T F S S
1234567
891011121314
15161718192021
22232425262728
2930  

Abercromby Street, Port of Spain, Trinidad and Tobago, W.I.

contacts@ttcsirt.gov.tt

+1 868 623 5439

©  2024 TT-CSIRT: Trinidad and Tobago Cyber Security Incident Response Team. Built using WordPress and the Materialis Theme