TTCSIRT-293.031120: TT-CSIRT ADVISORY - MICROSOFT SMBv3 VULNERABILITY
Microsoft has published an advisory for a critical remote code execution (RCE) vulnerability in Microsoft Server Message Block 3.1.1 (SMBv3). This vulnerability affects both SMB servers and SMB clients.
This vulnerability evokes memories of EternalBlue, an RCE vulnerability in Microsoft SMBv1 that was used as part of the WannaCry ransomware attacks in 2017. (Satnam Narang, Tenable)
There is currently no security patch available for this vulnerability.
Workarounds:
– Disable SMBv3 Compression
– Block TCP port 445 at the enterprise perimeter firewall
– Follow Microsoft’s guidelines on preventing SMB traffic from lateral connections and entering or leaving the network
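
An added example, not part of the original advisory: a PowerShell sketch for checking and applying the first workaround on a Windows host, and for listing host firewall rules that allow inbound TCP 445 as input to the lateral-connection guidance. The registry value name is taken from Microsoft Advisory ADV200005 and is not spelled out in this advisory; the function names are hypothetical.

```powershell
# Added example: audit and apply the "Disable SMBv3 Compression" workaround.
# Registry value as documented in Microsoft Advisory ADV200005 (assumption:
# not quoted in this advisory). Run from an elevated PowerShell session.
$ParamsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-SmbCompressionWorkaround {
    # A missing value means compression was never explicitly disabled.
    $prop  = Get-ItemProperty -Path $ParamsKey -Name DisableCompression -ErrorAction SilentlyContinue
    $value = if ($prop) { $prop.DisableCompression } else { $null }
    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        DisableCompression = $value
        WorkaroundApplied  = ($value -eq 1)
    }
}

function Set-SmbCompressionWorkaround {
    # Supports -WhatIf so the change can be previewed before it is written.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess($ParamsKey, 'Set DisableCompression = 1')) {
        Set-ItemProperty -Path $ParamsKey -Name DisableCompression -Type DWord -Value 1 -Force
    }
}

function Get-Inbound445AllowRule {
    # Enabled host firewall rules that allow inbound TCP 445 on this machine.
    # Rules that cover 445 only through a port range are not matched here.
    Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -contains '445' } |
        Get-NetFirewallRule |
        Where-Object {
            $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow'
        } |
        Select-Object DisplayName, Profile, Action
}

# Typical use: report, apply if missing, then review who may reach port 445.
$state = Get-SmbCompressionWorkaround
$state
if (-not $state.WorkaroundApplied) { Set-SmbCompressionWorkaround -WhatIf }
Get-Inbound445AllowRule
```

Remove -WhatIf to write the value. Per ADV200005 this setting covers the SMB server side only and does not prevent exploitation of SMB clients.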
Sources:
– Microsoft Advisory ADV200005
– Tenable Blog
– Fortiguard