Wormable Vulnerability in Windows 10 (CVE-2020-0796)

Microsoft have just released a security advisory about a new critical vulnerability (CVE-2020-0796) in Microsoft Server Message Block 3.1.1 (SMBv3). Server Message Block (SMB) is a protocol used to share resources and data between and client and a server. It is very commonly found on internal networks for users to authenticate and share files using a central server.

According to Microsoft this bug is wormable, meaning it can spread automatically between computers. This is similar to the vulnerability which was used by the WannaCry ransomware which took down parts of the NHS in 2017.

Very little information is currently known about this new flaw and the time it takes before a working exploit is created is unknown. If the vulnerability is easy to exploit, we could see real attacks in the wild, possibly, as soon as the end of the week.

Microsoft have not yet released a patch for this vulnerability, but we expect one to be released very soon. In the meantime, they have released a workaround (see below).

UPDATE 12/03/2020: Microsoft has now released a patch for this issue. Users who have already installed the updates released on March 10, 2020 for the affected operating systems should install KB4551762 to be protected from this vulnerability.