Public exploits are now available for the high-risk Microsoft Windows CVE-2020-0796 vulnerability, which exists in the processing of SMB version 3.1. Only systems named in the affected versions list are impacted. Older versions do not use the vulnerable code and are not impacted.
Exploits can be used for privilege escalation or combined with other tactics to allow an attacker to remotely take control of an affected system.
Central IT strongly recommends expeditious remediation of vulnerable systems. ESCS Windows Engineering server systems are not impacted by this vulnerability.

Affected versions:
- Windows 10 Version 1903 for 32-bit Systems
- Windows 10 Version 1903 for ARM64-based Systems
- Windows 10 Version 1903 for x64-based Systems
- Windows 10 Version 1909 for 32-bit Systems
- Windows 10 Version 1909 for ARM64-based Systems
- Windows 10 Version 1909 for x64-based Systems
- Windows Server, version 1903 (Server Core installation)
- Windows Server, version 1909 (Server Core installation)

Remediation:
- Download and install this patch: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796
- Note: If Windows Update is enabled, the patch may already be installed. Please search for installation of KB4551762 or refer to: https://support.microsoft.com/en-us/help/4551762/windows-10-update-kb4551762
- For systems where the patch cannot be deployed, please disable SMB compression with the PowerShell command below until patching is complete:
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force

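To confirm where a machine stands after the steps above, the following check can be run in PowerShell. It is an added example, not part of the original advisory: the function name Get-Cve20200796Status is hypothetical, and it assumes that KB4551762 corresponds to OS builds 18362.720 and 18363.720 and that later cumulative updates retain the fix.

```powershell
# Added example: classify this host for CVE-2020-0796.
# Assumption: KB4551762 raised versions 1903 and 1909 to OS builds 18362.720
# and 18363.720, so a lower update build revision (UBR) means unpatched.
function Get-Cve20200796Status {
    $cv    = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuild
    $ubr   = [int]$cv.UBR

    # Only version 1903 (build 18362) and 1909 (build 18363) are on the affected list.
    $affected = $build -in 18362, 18363
    $patched  = $affected -and ($ubr -ge 720)

    # KB4551762 may have been superseded by a later cumulative update, so
    # Get-HotFix is supporting evidence only; the build check above decides.
    $kbListed = [bool](Get-HotFix -Id 'KB4551762' -ErrorAction SilentlyContinue)

    # Workaround from the advisory: DisableCompression = 1 under LanmanServer.
    $params = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $value  = (Get-ItemProperty -Path $params -Name DisableCompression `
                  -ErrorAction SilentlyContinue).DisableCompression
    $workaround = ($value -eq 1)

    $state = if (-not $affected) {
        'NotAffected'
    } elseif ($patched) {
        'Patched'
    } elseif ($workaround) {
        'WorkaroundOnly'
    } else {
        'Vulnerable'
    }

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        OSBuild             = "$build.$ubr"
        KB4551762Listed     = $kbListed
        CompressionDisabled = $workaround
        State               = $state
    }
}

Get-Cve20200796Status
```

The DisableCompression setting covers the SMB server side only, so a machine reported as WorkaroundOnly still needs the update.
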
As always, appropriate vendor-supplied patches or upgrades should be applied as soon as possible. If patching is not feasible, risk can be managed by implementing mitigating controls or removing the vulnerable system from service.
Please direct questions to the IT Support Center at askIT@udel.edu or (302)831-6000.