  • A March security patch, for CVE-2020-0796, gets a publicly available proof of concept

      • #2269632 Reply
        woody
        Da Boss

        If you haven’t yet installed the March or April or May security patches, time to get cookin’. Ionut Ilascu at Bleeping Computer just reported on a pub
        [See the full post at: A March security patch, for CVE-2020-0796, gets a publicly available proof of concept]

        5 users thanked author for this post.
      • #2269635 Reply
        Seff
        AskWoody Plus

        Thanks Woody.

        So this maximum severity remote code exploit affects Windows 10 which automatically gets security patches but not Windows 7 which doesn’t automatically get patches. An interesting twist in the conundrum facing those Windows 7 users like me (on one machine only, the other is already upgraded) who are sitting on upgrade plans pending a clearer picture on version 2004!

        1 user thanked author for this post.
        • #2269639 Reply
          Microfix
          AskWoody MVP

          yeah that was my first thought, unpatched Windows 7’s who don’t use 0patch or ESU.
          edit: removed my irrelevance

          Affected Versions:
          Windows 10 Version 1903 for 32-bit Systems
          Windows 10 Version 1903 for x64-based Systems
          Windows 10 Version 1903 for ARM64-based Systems
          Windows Server, version 1903 (Server Core installation)
          Windows 10 Version 1909 for 32-bit Systems
          Windows 10 Version 1909 for x64-based Systems
          Windows 10 Version 1909 for ARM64-based Systems
          Windows Server, version 1909 (Server Core installation)

          there was an MS support article published prior to the patch for prevention:
          https://support.microsoft.com/en-us/help/3185535/preventing-smb-traffic-from-lateral-connections

          | Win8.1 Pro x64 | Linux Hybrids x86/x64 | Win7 Pro x86/x64 Offline |
          2 users thanked author for this post.
        • #2270299 Reply
          phaolo
          AskWoody Lounger

          About Win7, on the CVE-2020-0796 page there’s a FAQ that specifies:

          Are older versions of Windows (other than what is listed in the Security Updates table) affected by this vulnerability?

          No, the vulnerability exists in a new feature that was added to Windows 10 version 1903. Older versions of Windows do not support SMBv3.1.1 compression and are not affected.

          So we should be safe for this, at least 😛

      • #2269652 Reply
        b
        AskWoody Plus

        Working exploit code that achieves remote code execution on Windows 10 machines is now publicly available

        Only affects versions 1903/1909.

        Version 1809 (or older) and version 2004 were not vulnerable.

        CVE-2020-0796 | Windows SMBv3 Client/Server Remote Code Execution Vulnerability

        March 12, 2020—KB4551762 (OS Builds 18362.720 and 18363.720)

      • #2269655 Reply
        CyGuy
        AskWoody Plus

        Please pardon my ignorance.  Is there a KB I should be looking for on my system?

        • #2269659 Reply
          b
          AskWoody Plus

          The one immediately above your question, if you’re using 1903/1909.

          (Or any of the five cumulative updates since then for those versions.)

          1 user thanked author for this post.
          • #2269660 Reply
            CyGuy
            AskWoody Plus

            I am using v1909 but the Build is
            18363.836

            • This reply was modified 4 weeks, 1 day ago by CyGuy.
            • #2269663 Reply
              b
              AskWoody Plus

              So you should have KB4551762 in update history.

              (But you didn’t install April or May updates.)

              1 user thanked author for this post.
              • #2269707 Reply
                CyGuy
                AskWoody Plus

                Should the monthly cumulatives (which were installed timely) be sufficient?? I followed the instructions in Woody on Windows. Thanks again.

              • #2269708 Reply
                b
                AskWoody Plus

                Yes.

                1 user thanked author for this post.
      • #2269697 Reply
        CyGuy
        AskWoody Plus

        I installed the cumulative updates.  I followed the instructions in Woody on Windows.
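
Added example, not part of any post in this thread: a PowerShell check for the question raised above, comparing the local build against the KB4551762 fix level quoted in the thread (OS Builds 18362.720 and 18363.720). The function name `Test-Cve20200796Patch` is hypothetical, and the last lines classify two constructed sample builds alongside the 18363.836 build mentioned in the thread.

```powershell
# Added example: classify a Windows build against the CVE-2020-0796 fix level
# quoted in the thread (KB4551762, OS Builds 18362.720 and 18363.720).
function Test-Cve20200796Patch {
    param(
        [Parameter(Mandatory)][int]$Build,     # e.g. 18363
        [Parameter(Mandatory)][int]$Revision   # e.g. 836 (the UBR registry value)
    )
    $affectedBuilds = 18362, 18363   # versions 1903 and 1909, the only ones listed as affected
    $fixedRevision  = 720            # revision delivered by KB4551762

    if ($affectedBuilds -notcontains $Build) {
        return 'NotAffected'         # older versions and 2004, per the thread
    }
    if ($Revision -ge $fixedRevision) {
        return 'Patched'             # KB4551762 or a later cumulative update is installed
    }
    return 'Vulnerable'
}

# Read the local build and update revision from the registry.
$cv       = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build    = [int]$cv.CurrentBuild
$revision = [int]$cv.UBR             # absent on old systems; $null casts to 0

# A later cumulative update also counts (per the thread), so the KB itself may
# not be listed on a patched machine; the build revision is the signal to trust.
$kb = Get-HotFix -Id 'KB4551762' -ErrorAction SilentlyContinue

[pscustomobject]@{
    Build           = "$build.$revision"
    Status          = Test-Cve20200796Patch -Build $build -Revision $revision
    KB4551762Listed = [bool]$kb
}

# Sample builds: 18363.836 is quoted in the thread; the other two are constructed.
foreach ($s in '18363.836', '18362.719', '17763.1') {
    $b, $r = $s.Split('.')
    '{0} -> {1}' -f $s, (Test-Cve20200796Patch -Build $b -Revision $r)
}
```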
