A misunderstanding between Microsoft and his partners seem to be the basis for the premature revelation of a new one vulnerabilities in the SMB 3.1.1 protocol (Microsoft Server Message Block), used for example to share files on corporate networks. The vulnerability, known through the security advisory CVE-2020-0796makes it possible gain complete system control and spread the infection. At the moment the technical details have not yet been revealed.
New SMB vulnerability puts computers at risk
The new vulnerability in SMB means that an attacker can send a packet to an SMBv3 server and subsequently take control of it. On the other hand, however, it is possible to take control of a client when it connects to a compromised server.
The new vulnerability is wormable, or transformable by the attackers into a worms, a self-replicating malware that automatically infects new computers when it detects and propagates the infection itself without the need for further intervention.
It is worth mentioning that it was an SMB vulnerability that allowed the creation of ransomware such as WannaCry and NotPetya, capable of bringing the IT systems of companies and organizations all over the world to their knees. Like the current vulnerability, even then it was an exploit wormable.
The new vulnerability does not require that there is physical access to the machine, therefore, but its danger lies not only in the fact that it can be exploited by using malware sent via e-mail, but also by attacking remotely. For this reason Microsoft recommends blocking access to port 445 from outside the company perimeter.
To contain the problem before releasing a patch, simply disable packet compression, thus protecting the servers but not the clients.
More information is available in the notice on the Microsoft website.
