Microsoft's latest standard Patch Tuesday included an additional piece of information regarding a "wormable" vulnerability in Microsoft Server Message Block 3.0 (SMBv3) that would allow an attacker to go after Windows 10 and Windows Server users. Worse of all, it has yet to be patched (via Ars Technica).
This is reminiscent of the vector for the WannaCry and NotPetya attacks in 2017, but thankfully, in this case, the SMB 3.1.1 protocol is less widely distributed than the flawed SMB protocol exploited in those cases. Individual users are out of luck until a patch is available. Thankfully, Microsoft has a temporary solution for Windows Server users.
- Microsoft says 99.9% of accounts get hacked for this reason: How to protect yourself
- Critical Intel CPU flaw affects millions of laptops — and it's unpatchable
- Windows 10 update flaw causes laptops to automatically wake from sleep mode
Microsoft SMB is used to share resources (files, printers, scanners, etc.) on local networks or over the internet. According to the Microsoft advisory:
"To exploit the vulnerability against an SMB Server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 Server. To exploit the vulnerability against an SMB Client, an unauthenticated attacker would need to configure a malicious SMBv3 Server and convince a user to connect to it."
While there is no evidence of an exploit in the wild yet, this kind of attack can be carried out remotely, so Windows Server users should follow Microsoft's recommendation and disable SMBv3 compression until a patch is available.