News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it

Blog Archives

  • Heads up: Microsoft posts a fix for that SMBv3 security hole. Get ready to install this month’s Windows patches.

    Posted on March 12th, 2020 at 10:57 by woody

    Microsoft just released the patch that it almost released on Tuesday. It’s the SMBv3 patch that’s set the security community on fire.

    KB 4551762, which fixes CVE-2020-0796, is a regular, old-fashioned Win10 cumulative update, but it’s only made for Win10 1903, 1909, Server 1903 Core and Server 1909 Core. (I still have no idea why only Server Core versions are affected.)

    Anyway, I’m going to keep my eyes open for any obvious problems and, if the coast looks reasonably clear, we may be moving to MS-DEFCON 3 or 4 pretty quickly.

    For now, hold off. There are no known exploits. But be ready to twitch that clicking finger.

    Will keep you posted.

    UPDATE: 24 hours later, I still haven’t seen an in-the-wild exploit. But there are many reports of a repeat of the “missing icon”/temporary profile bug associated with KB 4551762.

    Kevin Beaumont tweeted:

    For anybody pondering, I’ve tried various exploits for CVE-2020-0796 – with a default config and vulnerable Windows 10 install, Windows Defender detects the exploit attempt. If you have automatic updates enabled you will also have the patch already.

    It’s a significant security hole, but it doesn’t appear to be an imminent threat.

    Mayank Parmar has a recounting of the bugs in Windows Latest.

    Still watching.

  • It looks like the announced-but-not-fixed CVE-2020-0796 “CoronaBlue” vuln is only for Server 1903 and 1909

    Posted on March 11th, 2020 at 08:21 by woody

    I’ll have more details about this shortly, but many of you admins are rightly concerned about the CVE-2020-0796 security hole, which was announced, then not announced, then announced again in Microsoft ADV200005 | Microsoft Guidance for Disabling SMBv3 Compression.

    Long story short, it looks like MS was poised to release a patch yesterday, then decided at the last minute to cancel the patch — but somehow word of the cancellation didn’t make it to at least two organizations that published details about it.

    It looks like the security hole only affects Win10 1903, 1909, Server 1903 and 1909. Per Florian Roth:

    There’s a lot of information available about the hole and countermeasures from Satnam Narang on Tenable, from Sergiu Gatlan at BleepingComputer, Catalin Cimpanu at ZDNet and, in the past couple of hours, Dan Goodin at Ars Technica. Those of you running networks with SMBv3 should take a look.

    If you’re running a network on Win7 or Server 2008 R2, you’re good. SMBv3 didn’t even exist back then. 🙂

    And if you aren’t in charge of a network, sit back and smile. You have other things to worry about.

    UPDATE: Catalin Cimpanu now says:

    I have now seen/talked to 3 different people claiming they found the bug in less than 5 minutes. I won’t be surprised if exploits pop up online by the end of the day.