We believe that 0day or public available script would appear within 3 days to 2 weeks. At this point, we suggest acting fast to protect the systems before receiving the system patch.​

We recommend you to disable the compression of SMB traffic mentioned in the Microsoft Advisory.​We highly recommend you to review the firewall setup to block SMB port 445 to the internet as this protocol should not be an internet-facing protocol.​We suggest starting data backup to prevent any data lost or hit by ransomware due to unpatched system.​

Reference

• https://www.zdnet.com/article/details-about-new-smb-wormable-bug-leak-in-microsoft-patch-tuesday-snafu/
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200005
• https://en.wikipedia.org/wiki/Server_Message_Block#SMB_2.1
• https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/1d435f21-9a21-4f4c-828e-624a176cf2a0
• https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/c79ff63c-871a-49d6-9940-cabdf5f3f4e2
• https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/cd3396ca-dafd-4712-af2c-7e0cdff5758e

#CVE-2020-0796 #SMB #firewall #ransomware