Microsoft has released a patch to fix a remote code execution flaw in the SMB protocol affecting Windows 10 PC and their servers. SMB is used by Active Directory, for network file sharing and some printers.
Microsoft have published a security advisory which details the scope of the flaw. The problem is the way the SMBv3 protocol handles certain requests that use compression. If the patch cannot be installed promptly, network managers can mitigate the risk by disabling SMBv3 compression with a PowerShell command.
According to Microsoft:
Microsoft is aware of a remote code execution vulnerability in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target SMB Server or SMB Client.
To exploit the vulnerability against an SMB Server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 Server. To exploit the vulnerability against an SMB Client, an unauthenticated attacker would need to configure a malicious SMBv3 Server and convince a user to connect to it.
The vulnerability is tracked under MITRE CVE-2020-0796
Since SMB is essential to the operation of Active Directory, it cannot be disabled in enterprise networks. Flaws in SMB pave the way for wormable attacks such as Wannacry which can propagate laterally across a network. Recognising this risk, Microsoft has published a useful guide to aide network managers to securely configure their SMB network traffic.