We believe that a 0day or publicly available script will appear within 3 days to 2 weeks. At this point, we suggest acting fast to protect the systems before receiving the system patch.
We recommend disabling the compression of SMB traffic mentioned in the Microsoft Advisory. We highly recommend reviewing your firewall setup to block SMB port 445 to the internet, as this protocol should not be internet-facing. We suggest starting data backups to prevent data loss or a ransomware hit due to an unpatched system.
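The first two recommendations as a host-level audit-and-apply script (an added example, not part of the original post). The registry path and value name are the ones given in Microsoft advisory ADV200005, linked in the references below. The firewall rule name and the choice to scope it to the Public profile are assumptions made for illustration. A perimeter firewall block on port 445 is still needed.

```powershell
# Added example. Run in an elevated PowerShell session on the SMB server.
# Registry path and value name as published in Microsoft advisory ADV200005.
$path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$name = 'DisableCompression'

# 1. Audit: read the current setting. A missing value means compression is enabled.
$current = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
$shown = if ($null -eq $current) { 'not set' } else { $current }
Write-Output "DisableCompression before: $shown"

# 2. Apply the workaround only when it is not already in place.
#    Per the advisory, this covers the SMB server role only, not SMB clients.
if ($current -ne 1) {
    Set-ItemProperty -Path $path -Name $name -Type DWord -Value 1 -Force
}

# 3. Verify the write instead of assuming it succeeded (GPO or ACLs can block it).
$after = (Get-ItemProperty -Path $path -Name $name).$name
if ($after -ne 1) { throw "DisableCompression is still '$after'" }
Write-Output "DisableCompression after: $after"

# 4. Host firewall: block inbound TCP 445 on the Public profile.
#    Assumption: the rule name is constructed for this example, and the Public
#    profile is used so that internal file sharing on Domain/Private networks
#    keeps working.
$ruleName = 'Block inbound SMB 445 (Public)'
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort 445 -Profile Public -Action Block | Out-Null
}

# 5. Report the resulting rule state for the change record.
Get-NetFirewallRule -DisplayName $ruleName |
    Select-Object DisplayName, Enabled, Profile, Direction, Action
```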
Reference
- https://www.zdnet.com/article/details-about-new-smb-wormable-bug-leak-in-microsoft-patch-tuesday-snafu/
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200005
- https://en.wikipedia.org/wiki/Server_Message_Block#SMB_2.1
- https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/1d435f21-9a21-4f4c-828e-624a176cf2a0
- https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/c79ff63c-871a-49d6-9940-cabdf5f3f4e2
- https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/cd3396ca-dafd-4712-af2c-7e0cdff5758e
#CVE-2020-0796 #SMB #firewall #ransomware