Microsoft Issues Security Advisory for SMBv3 - Binary Defense


Microsoft has released a security advisory for a remote code execution vulnerability recently discovered in SMBv3, the protocol commonly used within businesses for file sharing. To exploit an SMB server, an unauthenticated attacker only needs to send a specially crafted request. Exploiting a client is harder, as it would require the client to connect to an attacker-controlled server. So far, Microsoft has not detected any attempts to exploit this vulnerability. Further information about the vulnerability has not yet been made available.

ANALYST NOTES

Until updates are made available, Microsoft has offered a workaround for the issue. Servers can disable SMBv3 compression with a registry edit. The following PowerShell snippet sets the value:

    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force

Please note that this command only protects SMB servers from attempts to exploit this vulnerability and will not protect clients. To re-enable SMBv3 compression, re-run the PowerShell snippet, changing the "1" to a "0".

In most environments, external SMB file sharing is not necessary and should be blocked at the firewall. This could prevent clients from connecting to attacker-controlled servers.

Source: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200005
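One way to audit and apply this workaround so a server's state can be confirmed before and after the change. This is an added example, not code from Microsoft's advisory or the original post. The function names are hypothetical; the registry path and value name are those in the snippet above, and writing to HKLM assumes an elevated session.

```powershell
# Added example. Function names are hypothetical; the registry path and the
# DisableCompression value name come from the workaround quoted above.
$SmbParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-SmbCompressionWorkaround {
    [CmdletBinding()]
    param([string]$Path = $SmbParams)

    # The value is absent on a host where the workaround was never set,
    # so a missing value is reported as $null rather than raising an error.
    $item  = Get-ItemProperty -Path $Path -Name DisableCompression -ErrorAction SilentlyContinue
    $value = if ($null -ne $item) { $item.DisableCompression } else { $null }

    [pscustomobject]@{
        Computer           = $env:COMPUTERNAME
        DisableCompression = $value
        WorkaroundApplied  = ($value -eq 1)
    }
}

function Set-SmbCompressionWorkaround {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [ValidateSet(0, 1)][int]$Value = 1,   # 1 = compression disabled, 0 = re-enabled
        [string]$Path = $SmbParams
    )

    $before = Get-SmbCompressionWorkaround -Path $Path
    if ($before.DisableCompression -eq $Value) { return $before }   # already in the desired state

    if ($PSCmdlet.ShouldProcess($Path, "Set DisableCompression to $Value")) {
        Set-ItemProperty -Path $Path -Name DisableCompression -Type DWord -Value $Value -Force

        # Read the value back so a silent failure does not pass as success.
        $after = Get-SmbCompressionWorkaround -Path $Path
        if ($after.DisableCompression -ne $Value) {
            throw "DisableCompression is '$($after.DisableCompression)', expected $Value"
        }
        return $after
    }
    return $before   # -WhatIf or a declined prompt: nothing was changed
}

# Read-only audit of the local server; run this first.
Get-SmbCompressionWorkaround

# To apply the workaround from an elevated session (preview with -WhatIf):
# Set-SmbCompressionWorkaround -Value 1 -WhatIf
```

As with the original snippet, this covers the SMB server side only and does not protect clients.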
