Breaking News

Come Visit Geometric Future at Computex 2025 for Exciting New Cases and PC Accessories Gaming Beyond Limits, AI Beyond Imagination ASRock at Computex 2025 Acer releases many new products ahead of Computex 2025 DeepCool Unveils New Product Lineup at COMPUTEX 2025 KIOXIA Leads with Its Industry-Defining Breakthroughs and Technologies at COMPUTEX 2025

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Microsoft Discloses Unpatched Critical SMB Vulnerability in Windows

Microsoft Discloses Unpatched Critical SMB Vulnerability in Windows

Enterprise & IT Mar 11,2020 0

Microsoft, which has recently issued its latest patches for Windows, has also disclosed an unpatched critical vulnerability in the Microsoft Server Message Block 3.1.1 (SMBv3) protocol.

The vulnerability affects ARM64, 32- and 64-bit editions of Windows 10 versions 1903 and 1909, as well as Windows Server versions 1903 and 1909.

According to a Microsoft security advisory, the company is aware of a remote code execution vulnerability in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests.

"An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target SMB Server or SMB Client. To exploit the vulnerability against an SMB Server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 Server. To exploit the vulnerability against an SMB Client, an unauthenticated attacker would need to configure a malicious SMBv3 Server and convince a user to connect to it," Microsoft says.

According to cybersecurity firm FortiGuard Labs, the MS.SMB.Server.Compression.Transform.Header.Memory.Corruption is described as "an attack attempt to exploit a Buffer Overflow Vulnerability in Microsoft SMB Servers".

"The vulnerability is due to an error when the vulnerable software handles a maliciously crafted compressed data packet. A remote, unauthenticated attacker can exploit this to execute arbitrary code within the context of the application", the firm says.

Microsoft suggests a workaround that involves disabling SMBv3 compression, although the company points out that while this will block unauthenticated attackers, it does not prevent SMB clients from being exploited. To disable compression, use the following PowerShell command:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force

Microsoft also advises people to block TCP port 445 at the enterprise perimeter firewall.

Tags: windows 10MicrosoftpatchCybersecurity
Previous Post
Sharp Files Patent Infringement Lawsuit Against Vizio
Next Post
LG's 2020 TV Lineup is Rolling Out

Related Posts

  • Snapdragon X Series is the Exclusive Platform to Power the Next Generation of Windows PCs with Copilot+ Today

  • Activision Blizzard King to Team Xbox

  • NVIDIA Studio Lineup Adds RTX-Powered Microsoft Surface Laptop Studio 2

  • Samsung and Microsoft Unveil First On-Device Attestation Solution for Enterprise

  • Introducing Xbox Game Pass Core, Coming This September

  • Announcing the next wave of AI innovation with Microsoft Bing and Edge

  • Microsoft Announces Security Copilot AI

  • Microsoft breaks new ground in healthcare with the next evolution of AI

Latest News

Come Visit Geometric Future at Computex 2025 for Exciting New Cases and PC Accessories
Enterprise & IT

Come Visit Geometric Future at Computex 2025 for Exciting New Cases and PC Accessories

Gaming Beyond Limits, AI Beyond Imagination ASRock at Computex 2025
Enterprise & IT

Gaming Beyond Limits, AI Beyond Imagination ASRock at Computex 2025

Acer releases many new products ahead of Computex 2025
Enterprise & IT

Acer releases many new products ahead of Computex 2025

DeepCool Unveils New Product Lineup at COMPUTEX 2025
Cooling Systems

DeepCool Unveils New Product Lineup at COMPUTEX 2025

KIOXIA Leads with Its Industry-Defining Breakthroughs and Technologies at COMPUTEX 2025
Enterprise & IT

KIOXIA Leads with Its Industry-Defining Breakthroughs and Technologies at COMPUTEX 2025

Popular Reviews

be quiet! Light Loop 360mm

be quiet! Light Loop 360mm

be quiet! Dark Rock 5

be quiet! Dark Rock 5

be quiet! Dark Mount Keyboard

be quiet! Dark Mount Keyboard

G.skill Trident Z5 Neo RGB DDR5-6000 64GB CL30

G.skill Trident Z5 Neo RGB DDR5-6000 64GB CL30

Arctic Liquid Freezer III 420 - 360

Arctic Liquid Freezer III 420 - 360

Crucial Pro OC 32GB DDR5-6000 CL36 White

Crucial Pro OC 32GB DDR5-6000 CL36 White

Crucial T705 2TB NVME White

Crucial T705 2TB NVME White

be quiet! Light Base 600 LX

be quiet! Light Base 600 LX

Main menu

  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed