Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Wednesday March 11 2020, @04:31PM   Printer-friendly
from the who-remembers-the-Morris-Worm? dept.

Windows has a new wormable vulnerability, and there's no patch in sight:

The vulnerability exists in version 3.1.1 of the Server Message Block 3.1.1 that's used to share files, printers, and other resources on local networks and over the Internet. Attackers who successfully exploit the flaw can execute code of their choice on both servers and end-user computers that use the vulnerable protocol, Microsoft said in this bare-bones advisory.

The flaw, which is tracked as CVE-2020-0796, affects Windows 10 and Windows Server 2019, which are relatively new releases that Microsoft has invested huge amounts of resources hardening against precisely these types of attacks. Patches aren't available, and Tuesday's advisory gave no timeline for one being released.

[...] In the meantime, Microsoft said vulnerable servers can be protected by disabling compression to block unauthenticated attackers from exploiting the vulnerability against an SMBv3 server. Users can use the following PowerShell command to turn off compression without needing to reboot the machine:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force

That fix won't protect vulnerable client computers from attack. Microsoft also recommended users block port 445, which is used to send SMB traffic between machines.

[...] Jake Williams, a former NSA hacker and the founder of security firm Rendition Security, said in a Twitter thread that both those factors would likely buy vulnerable networks time.

"The TL;DR here is that this IS serious, but it isn't WannaCry 2.0," he wrote. "Fewer systems are impacted and there's no readily available exploit code. I'm not thrilled about another SMB vuln, but we all knew this would come (and this won't be the last). Hysteria is unwarranted though."

As if admins who are trying to support all the additional people who are trying to work remotely — thanks to COVID-19 — had nothing else to worry about.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1, Funny) by Anonymous Coward on Wednesday March 11 2020, @05:29PM

    by Anonymous Coward on Wednesday March 11 2020, @05:29PM (#969710)

    Is this how they took down the 9M bots?

    Starting Score:    0  points
    Moderation   +1  
       Funny=1, Total=1
    Extra 'Funny' Modifier   0  

    Total Score:   1