The SMBv3 Vulnerability CVE-2020-0796
On March 10, 2020 a serious but unpatched vulnerability (CVE-2020-079696) in the Windows SMBv3 protocol has become public. This vulnerability could allow the spread of worms, but is not currently believed to be exploited. Microsoft had stopped the release of a security update to close the vulnerability at the last second, but could not prevent the information from being published. Therefore, a security advisory ADV200005was issued on March 10, 2020.
The vulnerability (CVE-2020-0796)in Microsoft implementation of the SMBv3 protocol (version 3.1.1) affects the following versions of Windows:
- Windows Server Version 1903 (Server Core Installation)
- Windows Server Version 1909 (Server Core Installation)
- Windows 10 Version 1903 for 32-bit Systems
- Windows 10 Version 1903 for ARM64-based Systems
- Windows 10 Version 1903 for x64-based Systems
- Windows 10 Version 1909 for 32-bit Systems
- Windows 10 Version 1909 for ARM64-based Systems
- Windows 10 Version 1909 for x64-based Systems
I had reported in detail in the blog post Windows SMBv3 0-day vulnerability CVE-2020-0796.
Security update KB4551762 patches CVE-2020-0796
I received a security advisory from Microsoft regarding the SMBv3 vulnerability from Microsoft a few hours ago, announcing a security update. Furthermore, blog reader deoroller has pointed this out here (thanks for that).
Das Microsoft Security Update Releases March 12, 2020
The two documents CVE-2020-0796 and ADV200005 have been revised because the update is available.
– CVE-2020-0796 | Windows SMBv3 Client/Server Remote Code Execution Vulnerability
– Version: 1.0
– Reason for Revision: Information published. CVE-2020-0796 resolves the issue
discussed in ADV200005.
Customers who have already installed the updates released on March 10, 2020
for the affected operating systems should install KB4551762 to be protected from
– Originally posted: March 12, 2020
– Updated: N/A
– Aggregate CVE Severity Rating: Critical
– ADV200005 | Microsoft Guidance for Disabling SMBv3 Compression
– Version: 2.0
– Reason for Revision: CVE-2020-0796 has been published to address this
vulnerability. Please see CVE-2020-0796 – Originally posted: March 10, 2020
– Updated: March 12, 2020
– Aggregate CVE Severity Rating: N/A
Update KB4551762 for Windows 10
Update KB4551762 is available for Windows 10 Version 1903, Windows Server Version 1903, Windows 10 Version 1909, and Windows Server Version 1909 and raises the build to 18362.720 (Windows 10 V1903) and 18363.720 (Windows 10 V1909).
The Download button in the figure above appears (according to the blog reader deoroller) on the Windows Update page only when a timed connection is used. Otherwise the update should be downloaded and installed automatically. The update only fixes the vulnerability in the compression of the SMB 3.1.1 protocol. The protocol is used when sharing files and printers on the network.
Important: If you applied the workaround to turn off compression from my blog post Windows SMBv3 0-day vulnerability CVE-2020-0796, re-enable compression. Otherwise, performance issues may occur. For instructions on how to undo the workaround, see the blog post.