Did Microsoft accidentally create a Zero-Day that hackers are attempting to exploit right now?
It at least gave them a clue on where to look for it.
Microsoft issued more than 100 security patches and related notices on March 10, 2020. But one of the items on the list was not supposed to be there, at least not yet.
Cybersecurity vendors caught the notice of a wormable Microsoft Server Message Block (SMB) vulnerability designated as CVE-2020-0796.
However, following the notification, Microsoft did not issue a patch for the problem. On March 11, the company said there was no patch ready for the SMB security hole.
[Update: Microsoft issues emergency patch on March 12]
FortiGuard Labs posted more on what the vulnerability is about:
"This indicates an attack attempt to exploit a Buffer Overflow Vulnerability in Microsoft SMB Servers. The vulnerability is due to an error when the vulnerable software handles a maliciously crafted compressed data packet. A remote, unauthenticated attacker can exploit this to execute arbitrary code within the context of the application."
According to Fortinet, impacted products include:
After news of this issue came to light, Microsoft did issue Security Advisory ADV200005. It said there was no patch; however, there is a workaround for the vulnerability.
The workaround requires you to disable SMBv3 Server with a specific PowerShell command. You can read about it here.
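Microsoft's ADV200005 workaround is a registry change (the DisableCompression value under the LanmanServer Parameters key) that turns off SMBv3 compression on the server role. The script below is an added example, not code from the original post or from Microsoft, that audits a host's state and applies the change only when asked; the key and value name are taken from the advisory, the rest is assumed.

```powershell
# Added example: audit, and optionally apply, the ADV200005 server-side workaround.
# Assumes the registry key/value documented by Microsoft for this advisory.
param([switch]$Apply)

$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$ValueName = 'DisableCompression'

function Get-SmbCompressionState {
    # Value absent means the default (compression enabled) is in effect.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'Enabled (value absent, default)' }
    if ($item.$ValueName -eq 1) { return 'Disabled (workaround applied)' }
    return "Enabled (value = $($item.$ValueName))"
}

$os = Get-CimInstance Win32_OperatingSystem
Write-Host "Host: $env:COMPUTERNAME  OS build: $($os.BuildNumber)"
Write-Host "SMB server service: $((Get-Service LanmanServer).Status)"
Write-Host "SMBv3 compression: $(Get-SmbCompressionState)"

if ($Apply) {
    # DWORD 1 disables compression; the advisory states no reboot is required.
    Set-ItemProperty -Path $KeyPath -Name $ValueName -Type DWORD -Value 1 -Force
    Write-Host "After change: $(Get-SmbCompressionState)"
}
```

Run without `-Apply` to inventory hosts first; the workaround covers only the server role, so the patch remains the real fix once it ships.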
[Story Update: Microsoft issues emergency patch on March 12]
How does the cybersecurity patching ecosystem work? And what kind of positive impact does it make on security?
Listen to our interview with Brian Gorenc, who directs the Zero Day Initiative (ZDI), the world's largest vendor-agnostic bug bounty program.