It has been reported that Microsoft leaked info on a security update for a ‘wormable’ pre-auth remote code execution vulnerability found in the Server Message Block 3.0 (SMBv3) network communication protocol that reportedly should have been disclosed as part of this month’s Patch Tuesday. The vulnerability is due to an error when the SMBv3 handles maliciously crafted compressed data packets and it allows remote, unauthenticated attackers that exploit it to execute arbitrary code within the context of the application.
Experts Comments
Linkedin Message
@Kieran Robert, Head of Penetration Testing , provides expert commentary at @Information Security Buzz.
"Currently, Microsoft do not have a patch for this and they have not commented (so far) on when one might be available. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/expert-insight-on-microsoft-leaks-info-on-wormable-windows-smbv3-cve-2020-0796-flaw
Facebook Message
@Kieran Robert, Head of Penetration Testing , provides expert commentary at @Information Security Buzz.
"Currently, Microsoft do not have a patch for this and they have not commented (so far) on when one might be available. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/expert-insight-on-microsoft-leaks-info-on-wormable-windows-smbv3-cve-2020-0796-flaw
Be part of our growing Information Security Expert Community (1000+), please register here.
Linkedin Message
@Satnam Narang, Senior Research Engineer, provides expert commentary at @Information Security Buzz.
"The flaw was identified as CVE-2020-0796, though it is unclear whether or not Microsoft will use this identifier once their patch is released. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/expert-insight-on-microsoft-leaks-info-on-wormable-windows-smbv3-cve-2020-0796-flaw
Facebook Message
@Satnam Narang, Senior Research Engineer, provides expert commentary at @Information Security Buzz.
"The flaw was identified as CVE-2020-0796, though it is unclear whether or not Microsoft will use this identifier once their patch is released. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/expert-insight-on-microsoft-leaks-info-on-wormable-windows-smbv3-cve-2020-0796-flaw