  • Heads up: Microsoft posts a fix for that SMBv3 security hole. Get ready to install this month’s Windows patches.

      • #2190096 Reply
        woody
        Da Boss

        Microsoft just released the patch that it almost released on Tuesday. It’s the SMBv3 patch that’s set the security community on fire. KB 4551762, whic
        [See the full post at: Heads up: Microsoft posts a fix for that SMBv3 security hole. Get ready to install this month’s Windows patches.]

        2 users thanked author for this post.
      • #2190106 Reply
        bbearren
        AskWoody MVP

        MS-DEFCON ignored per usual, KB4551762 Cumulative Update for Windows 10 Version 1909 for x64-based Systems installed, system nominal.

        Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
        "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
        "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

        2 users thanked author for this post.
        • #2190174 Reply
          Elly
          AskWoody MVP

          As someone who had many family and friends have W10 meltdowns (probably due to having inexpensive, slower machines) I’ve always appreciated those who have the knowledge and expertise to easily recover. For the DEFCON system to work, there have to be those adventurous enough to put their machines on the line. Your regular reporting of having no issues is appreciated.

          Non-techy Win 10 Pro and Linux Mint experimenter

          3 users thanked author for this post.
      • #2190109 Reply
        geekdom
        AskWoody Plus

        Windows 1909 Test Beta
        March 12, 2020

        kb4551762
        https://support.microsoft.com/en-us/help/4551762/windows-10-update-kb4551762

        Installed update from Windows Update and then rebooted without error.

        G{ot backup} TestBeta
        offline▸ Win7Pro SP1 x64 Storage
        online▸ Win10Pro 1909.18363.836 x64 i5-9400 RAM8GB HDD Firefox77.0 Windows{Image/Defender/Firewall}
        1 user thanked author for this post.
        • #2190446 Reply
          Terry Muench
          AskWoody Lounger

          Well, Microsoft has done it again — force fed me KB4551762 (CVE-2020-0796) re: the SMBv3 security hole. Last night I left my PC asleep; this morning I came in to find my PC “ON” and updated without my permission. I am now at 18362.720. I am using StopUpdates10 to Pause updates. This has never happened since I’ve been using StopUpdates10 (a great tool by the way).

          I realize KB4551762 is a critical update but @askWoody has said there are no known exploits. I don’t appreciate Microsoft again ignoring its own rules and NOT honoring my wishes to pause Updates.

          • #2190447 Reply
            jabeattyauditor
            AskWoody Lounger

            Well, Microsoft has done it again — force fed me KB4551762 (CVE-2020-0796) re: the SMBv3 security hole. Last night I left my PC asleep; this morning I came in to find my PC “ON” and updated without my permission. I am now at 18362.720. I am using StopUpdates10 to Pause updates. This has never happened since I’ve been using StopUpdates10 (a great tool by the way).

            I realize KB4551762 is a critical update but @askWoody has said there are no known exploits. I don’t appreciate Microsoft again ignoring its own rules and NOT honoring my wishes to pause Updates.

            Is StopUpdates10 a Microsoft tool?

            1 user thanked author for this post.
            • #2190451 Reply
              Terry Muench
              AskWoody Lounger

              https://greatis.com/stopupdates10/

              No, StopUpdates10 is not from Microsoft. Get it at the link above. I should note that Microsoft finally gave Windows 10 users the ability to pause updates in v1903 aka 19H1. However if I have a choice between Microsoft and a 3rd party tool which probably works, I will choose the 3rd party tool!

               

              • #2190637 Reply
                Paul T
                AskWoody MVP

                No, StopUpdates10 is not from Microsoft

                Then MS is not ignoring you, StopUpdates10 is failing you.
                Stick to known and tested methods – group policy, pause button, metered connections.

                cheers, Paul

                1 user thanked author for this post.
              • #2191088 Reply
                Terry Muench
                Guest

                Then MS is not ignoring you, StopUpdates10 is failing you.
                Stick to known and tested methods – group policy, pause button, metered connections.

                cheers, Paul

                NO, MICROSOFT FORCE-FED ME THIS UPDATE. I have StopUpdates10 on all 3 machines, KB4551762 was forced on me on only one machine. Microsoft ignored the fact that updates were paused. Updates can also be paused in Windows 10 Home from Settings > Updates & security if you have v1903 (19H1) or higher.

              • #2191132 Reply
                b
                AskWoody Plus

                But you’re using “StopUpdates10 to Pause updates”. So if that doesn’t work, it’s not Microsoft’s fault.

                Windows 10 Pro Version 2004: Group ASAP (chump/pioneer)

      • #2190114 Reply
        WildBill
        AskWoody Plus

        Why be in a hurry to Update Windows?! You usually have us wait until the last week of the current month or the 1st week of next month… yes, humans can catch COVID-19, but electronics are immune to that virus. Sanitize the Outside of your desktops, laptops, tablets, smartphones… & even Echos & Nest smart speakers. Oh Heck, sanitize your smart watches & other wearables, too. Then… WASH YOUR DANG HANDS!

        Windows 8.1, 64-bit, back in Group A... & leaning toward Windows 10 V2004. As long as it's a Lot Less Buggy!
        Wild Bill Rides Again...

        • #2190148 Reply
          woody
          Da Boss

          The reason why I’m concerned in this case is that Catalin Cimpanu — who has a good track record — says that several people have come up with working Proof of Concept exploits. In addition, Kevin Beaumont (who now works for Microsoft!) posted a video of a PoC.

          It’s a long way from a working PoC to a widespread attack — but there’s still good reason to keep your ear to the ground.

          Until there’s a real threat, though, in my opinion, it’s smarter to wait — at least until we see if there are any initial widespread problems.

          4 users thanked author for this post.
      • #2190115 Reply
        anonymous
        Guest

        Windows Server Version 1903 and Windows Server Version 1909 are Semi-Annual Channel releases and SAC releases are only available in Core or Nano Server variants.

        Windows Server 2016 and 2019 are LTSC releases and are available with the Desktop Experience.

        https://docs.microsoft.com/en-us/windows-server/get-started-19/servicing-channels-19

        Francis

        4 users thanked author for this post.
        • #2190129 Reply
          abbodi86
          AskWoody_MVP

          Yep

          it’s not that only Server Core versions are affected, it’s only build 18362 is affected, which for Servers is only available in Core/Nano variant

          i guess build 19041 (ver 2004) is also affected, but it’s not generally available yet, and maybe that’s why it didn’t receive any updates this month yet (i.e. intentional delay to fix SMB issue)

          2 users thanked author for this post.
      • #2190139 Reply
        EP
        AskWoody_MVP

        check out this recent ZDNet article, woody:

        https://www.zdnet.com/article/microsoft-patches-smbv3-wormable-bug-that-leaked-earlier-this-week/

        Earlier this week, due to what looks like a miscommunication between Microsoft and some antivirus vendors, details about this bug leaked online.

      • #2190141 Reply
        Barry
        AskWoody Plus

        Installed via Windows Update. No apparent problems.

         

        Barry (Seeker)
        Windows 10 Home V 2004

        2 users thanked author for this post.
      • #2190163 Reply
        KYKaren
        AskWoody Plus

        Hidden for me via WUshowhide is KB4540673 (released March 10) and KB4551762 (released March 12); the latter replaces the former according to the MS-Catalog.

        So, when it comes time to update with the March Patch Tuesday/Thursday patches, should I unhide only the latter? If so, what do I do about the former?
        ———————-
        Version 1909, Feature Update Deferral= 365, Quality Update Deferral=0, Group Policy>Automatic Windows Update – #2 Notify download/install.

        Offline: Win7Pro ∙ SP1 ∙ x64
        Online: Win10Pro ∙ 1909.18363 ∙ x64 ∙ i7-6500U ∙ RAM 12GB ∙ SSD ∙ Firefox ∙ McAfee Internet Security ∙ Windows Defender
        Online: Win10Pro ∙ 1909.18363 ∙ x64 ∙ i7-8565U ∙ RAM 16GB ∙ SSD ∙ Firefox ∙ McAfee Internet Security ∙ Windows Defender

        • #2190168 Reply
          PKCano
          Da Boss

          Win10 Security Updates are CUMULATIVE Updates. That means the latest one contains the previous ones. So if you install the latest one that contains the one before that, and the one before that…., it would be redundant to install the older patches. In fact, you won’t be able to do so.

          If the newer patch supersedes (replaces) the older patch, the older patch will simply disappear from Windows Update after the newer one (containing it) is issued. By installing the newer patch, you install the older one by definition of “Cumulative”.

          2 users thanked author for this post.
          • #2190187 Reply
            KYKaren
            AskWoody Plus

            I understand supersedence chains and what a cumulative update is.

            You are right, the older patch (KB4540673) is no longer listed in the hidden updates; it WAS there, but it’s gone now. Only the new one (KB4551762) is listed there.
            [Image: hidden-updates]

            Currently, this is the WU display:
            So, will the newer one disappear from this display, after the WU is next scheduled?
            [Image: WU-display-KB4551762]

            Evidently, it does not simultaneously get rid of the older one in wushowhide AND the newer one in the WU display.

            Offline: Win7Pro ∙ SP1 ∙ x64
            Online: Win10Pro ∙ 1909.18363 ∙ x64 ∙ i7-6500U ∙ RAM 12GB ∙ SSD ∙ Firefox ∙ McAfee Internet Security ∙ Windows Defender
            Online: Win10Pro ∙ 1909.18363 ∙ x64 ∙ i7-8565U ∙ RAM 16GB ∙ SSD ∙ Firefox ∙ McAfee Internet Security ∙ Windows Defender

            • #2190202 Reply
              Tex265
              AskWoody Plus

              Assuming you have Windows 10 Pro and are using wushowhide and have Group Policy > Windows Update set to 2:

              With the release of KB4551762,  if you previously hid KB4540673 via wushowhide KB4540673 will now no longer show as hidden (or anywhere) in wushowhide.

              But KB4551762 will now show up in wushowhide and maybe also the Windows Updater queue if you didn’t find it via wushowhide soon after it was released and hid it.

              If it shows in Windows Updater queue, go to wushowhide and hide it.  Then wait until Windows Updater automatically updates itself again (18- 24 hours).  KB4551762 will then be hidden and removed from the Windows Updater.

              To install it, unhide it and wait for Windows Updater to automatically update itself again and it will reappear in the Windows Updater queue to Download.

              Windows 10 Pro x64 v1909 and Windows 7 Pro SP1 x64 (RIP)
              2 users thanked author for this post.
          • #2190383 Reply
            Tomnibus
            AskWoody Lounger

            Given that these are cumulative what about the 2020-02 patch that hosed so many computers? I’m afraid to put in the 2020-03 because I don’t need 100 computers at my company losing their profiles like what happened with the last update.

            Is that no longer a concern?

            • #2190402 Reply
              geekdom
              AskWoody Plus

              From reading here, there has been no Microsoft mention of a fix to profile problems.

              G{ot backup} TestBeta
              offline▸ Win7Pro SP1 x64 Storage
              online▸ Win10Pro 1909.18363.836 x64 i5-9400 RAM8GB HDD Firefox77.0 Windows{Image/Defender/Firewall}
              2 users thanked author for this post.
              • #2190405 Reply
                Tomnibus
                AskWoody Lounger

                Yup, makes me want to not install it.

                1 user thanked author for this post.
              • #2190409 Reply
                woody
                Da Boss

                Good point.

                I finally gave in last month, and recommended that folks install the Win10 1903/1909 cumulative update, but took solace in the fact that we had seen the problem many, many times, and as best I know everybody was able to work around it.

      • #2190207 Reply
        anonymous
        Guest

        Installed the SMBv3 CU on 2 production machines and 2 lab computers, no problems encountered.  Trend Micro AV.  W10 1903.  Going to take a chance.  Approved the rest in WSUS just now.  (~60 devices to update during next 48 hours, roughly.)

      • #2190266 Reply
        r1ma
        AskWoody Plus

        Ditto: Installed via Windows Update. No apparent problems.

         

        1 user thanked author for this post.
      • #2190287 Reply
        James Bond 007
        AskWoody Lounger

        As I understand it, currently this SMB3 vulnerability, according to CVE-2020-0796, is known to only affect SMB 3.1.1, which is only in Windows 10 (1903 / 1909 only?). Other Windows versions like Windows 8.1 use an older version (3.0.2 in the case of Windows 8.1) which is not affected (yet?). Is that correct, Woody?

        If this is so then I would wait and not patch my Windows 8.1 systems any time soon. My Windows 8.1 systems are currently on January 2020 patch level.

        Hope for the best. Prepare for the worst.

        • #2190293 Reply
          anonymous
          Guest

          according to CVE-2020-0796, is known to only affect SMB 3.1.1, which is only in Windows 10 (1903 / 1909 only?).

          Close. This vulnerability affects SMB compression, which is Windows 10 1903/1909 only (added in 2019). SMB compression was added after 3.1.1, they did not change the SMB version number when they added it. SMB 3.1.1 was available earlier, in Windows Server 2016, which does not have SMB compression and is not vulnerable.

          8.1 is unaffected. LTSC 1809 is unaffected.

          Compression is negotiated with a SMB2_NEGOTIATE context of SMB2_COMPRESSION_CAPABILITIES. Whether an implementation of SMB3 supports compression appears to be independent of whether it supports 3.1.1. Theoretically someone could make an smb server that does not support 3.1.1 but does support compression, but Microsoft did not do this.

          Awfully confusing to have features without version numbers, but the reasoning is that compression is optional, so an implementation doesn’t have to support it.

          2 users thanked author for this post.
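The negotiate-context check described in the post above, as an added example that is not part of the thread: it walks an SMB2 NegotiateContextList and reports whether an SMB2_COMPRESSION_CAPABILITIES context is present and which algorithms it lists. The context layout and numeric IDs follow the MS-SMB2 specification; the function names and the two sample buffers are constructed for this example and are not captures.

```python
import struct

# Context type and algorithm IDs as defined in MS-SMB2.
ENCRYPTION = 0x0002
COMPRESSION = 0x0003  # SMB2_COMPRESSION_CAPABILITIES
ALGORITHMS = {0x0001: "LZNT1", 0x0002: "LZ77",
              0x0003: "LZ77+Huffman", 0x0004: "Pattern_V1"}

def parse_contexts(buf, count):
    """Split a NegotiateContextList into (type, data) pairs.

    Layout per context: ContextType(2) DataLength(2) Reserved(4) Data,
    with each context starting on an 8-byte boundary.
    """
    contexts, off = [], 0
    for _ in range(count):
        off = (off + 7) & ~7  # round up to the next 8-byte boundary
        if off + 8 > len(buf):
            raise ValueError("truncated context header")
        ctype, dlen, _reserved = struct.unpack_from("<HHI", buf, off)
        data = buf[off + 8: off + 8 + dlen]
        if len(data) != dlen:
            raise ValueError("context data runs past end of buffer")
        contexts.append((ctype, data))
        off += 8 + dlen
    return contexts

def compression_algorithms(contexts):
    """Return the algorithm names offered, or [] if compression is absent."""
    for ctype, data in contexts:
        if ctype != COMPRESSION:
            continue
        if len(data) < 8:
            raise ValueError("short compression context")
        n, _pad, _flags = struct.unpack_from("<HHI", data, 0)
        if len(data) < 8 + 2 * n:
            raise ValueError("algorithm count exceeds context data")
        ids = struct.unpack_from("<%dH" % n, data, 8)
        # ID 0 means NONE, so it does not count as compression support.
        return [ALGORITHMS.get(i, hex(i)) for i in ids if i != 0]
    return []

def build(ctype, data):
    """Constructed-sample helper: one context, zero-padded to 8 bytes."""
    raw = struct.pack("<HHI", ctype, len(data), 0) + data
    return raw + b"\0" * (-len(raw) % 8)

# Constructed samples, not captures. ENC lists one cipher (AES-128-GCM).
ENC = build(ENCRYPTION, struct.pack("<HH", 1, 0x0002))
NO_COMPRESSION = ENC  # 3.1.1-style list with no compression context
WITH_COMPRESSION = ENC + build(COMPRESSION,
                               struct.pack("<HHIH", 1, 0, 0, 0x0001))

if __name__ == "__main__":
    print(compression_algorithms(parse_contexts(NO_COMPRESSION, 1)))
    print(compression_algorithms(parse_contexts(WITH_COMPRESSION, 2)))
```

Both sample lists are the kind a 3.1.1 peer sends, yet only the second advertises compression, which is the independence between dialect number and compression support that the post points out.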
      • #2190387 Reply
        gborn
        AskWoody_MVP

        I received user feedback from several users reporting install errors 0x800f0988 and 0x800f0900 during installing Update KB4551762.
        Windows 10: Error 0x800f0988/0x800f0900 with KB4551762
        An English blog post will follow (will link it internally within the blog post) later.

        Microsoft Windows Insider MVP, Microsoft Answers Community Moderator, Blogger, Book author

        https://www.borncity.com/win/

        2 users thanked author for this post.
      • #2190490 Reply
        Alex5723
        AskWoody Plus

        Well, Microsoft has done it again — force fed me KB4551762 (CVE-2020-0796) re: the SMBv3 security hole. Last night I left my PC asleep; this morning I came in to find my PC “ON” and updated without my permission.

        I use the built-in deferrals in 1909 pro + GPEdit ‘Notify don’t download’ = 2 and haven’t been force fed with March updates. My PC is on 24/365.
        It is probably some glitch in your 3rd party blocker settings.
        You can use Microsoft’s wushowhide.diagcab tool instead.
