• A March security patch, for CVE-2020-0796, gets a publicly available proof of concept

    #2269632

    If you haven’t yet installed the March or April or May security patches, time to get cookin’. Ionut Ilascu at Bleeping Computer just reported on a pub
    [See the full post at: A March security patch, for CVE-2020-0796, gets a publicly available proof of concept]

    5 users thanked author for this post.
    • #2269635

      Thanks Woody.

      So this maximum severity remote code exploit affects Windows 10 which automatically gets security patches but not Windows 7 which doesn’t automatically get patches. An interesting twist in the conundrum facing those Windows 7 users like me (on one machine only, the other is already upgraded) who are sitting on upgrade plans pending a clearer picture on version 2004!

      1 user thanked author for this post.
      • #2269639

        Yeah, that was my first thought, unpatched Windows 7’s who don’t use 0patch or ESU.
        edit: removed my irrelevance

        Affected Versions:
        Windows 10 Version 1903 for 32-bit Systems
        Windows 10 Version 1903 for x64-based Systems
        Windows 10 Version 1903 for ARM64-based Systems
        Windows Server, version 1903 (Server Core installation)
        Windows 10 Version 1909 for 32-bit Systems
        Windows 10 Version 1909 for x64-based Systems
        Windows 10 Version 1909 for ARM64-based Systems
        Windows Server, version 1909 (Server Core installation)

        There was an MS support article published prior to the patch for prevention:
        https://support.microsoft.com/en-us/help/3185535/preventing-smb-traffic-from-lateral-connections

        No problem can be solved from the same level of consciousness that created IT- AE
        2 users thanked author for this post.
      • #2270299

        About Win7, on the CVE-2020-0796 page there’s a FAQ that specifies:

        Are older versions of Windows (other than what is listed in the Security Updates table) affected by this vulnerability?

        No, the vulnerability exists in a new feature that was added to Windows 10 version 1903. Older versions of Windows do not support SMBv3.1.1 compression and are not affected.

        So we should be safe for this, at least 😛

    • #2269652

      Working exploit code that achieves remote code execution on Windows 10 machines is now publicly available

      Only affects versions 1903/1909.

      Version 1809 (or older) and version 2004 were not vulnerable.

      CVE-2020-0796 | Windows SMBv3 Client/Server Remote Code Execution Vulnerability

      March 12, 2020—KB4551762 (OS Builds 18362.720 and 18363.720)

      Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge

    • #2269655

      Please pardon my ignorance.  Is there a KB I should be looking for on my system?

      • #2269659

        The one immediately above your question, if you’re using 1903/1909.

        (Or any of the five cumulative updates since then for those versions.)

        Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge

        1 user thanked author for this post.
        • #2269660

          I am using v1909 but the Build is
          18363.836

          • This reply was modified 3 years, 4 months ago by CyGuy.
          • #2269663

            So you should have KB4551762 in update history.

            (But you didn’t install April or May updates.)

            Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge

            1 user thanked author for this post.
            • #2269707

              Should the monthly cumulatives (which were installed timely) be sufficient?? I followed the instructions in Woody on Windows. Thanks again.

            • #2269708

              Yes.

              Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge

              1 user thanked author for this post.
    • #2269697

      I installed the cumulative updates.  I followed the instructions in Woody on Windows.
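
The check discussed in the replies above (is the March fix on a 1903/1909 machine?), as an added example that is not part of any poster's reply: it compares the OS build against the KB4551762 builds quoted in the thread, so it also covers machines that received the fix through a later cumulative update. The function name `Test-Cve20200796Build` and every sample build other than 18363.836 are constructed for illustration.

```powershell
# Added example. Fixed builds are the ones quoted in the thread for KB4551762:
# 18362.720 (version 1903) and 18363.720 (version 1909).
$FixedRevision = @{ 18362 = 720; 18363 = 720 }

function Test-Cve20200796Build {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Build)   # "<build>.<revision>", e.g. 18363.836

    if ($Build -notmatch '^(\d+)\.(\d+)$') {
        throw "Unrecognised build string '$Build'; expected <build>.<revision>"
    }
    $major    = [int]$Matches[1]
    $revision = [int]$Matches[2]

    if (-not $FixedRevision.ContainsKey($major)) {
        # The thread lists only 1903/1909 as affected (1809 and older, and 2004, are not).
        $status = 'NotListedAsAffected'
    }
    elseif ($revision -ge $FixedRevision[$major]) {
        # Cumulative updates are supersets, so any later revision contains the fix too.
        $status = 'Patched'
    }
    else {
        $status = 'Vulnerable'
    }
    [pscustomobject]@{ Build = $Build; Status = $status }
}

# Constructed sample builds; 18363.836 is the one reported in the thread.
'18363.836', '18362.719', '17763.1217', '19041.264' |
    ForEach-Object { Test-Cve20200796Build -Build $_ } |
    Format-Table -AutoSize

# On a Windows machine, check the local build. CurrentBuild and UBR are registry
# values under the CurrentVersion key.
if ($env:OS -eq 'Windows_NT') {
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    Test-Cve20200796Build -Build ('{0}.{1}' -f $cv.CurrentBuild, $cv.UBR)
}
```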
