Microsoft pushed out this patch “out-of-band”, the day it was available, to all our clients & affected servers, and it required a mandatory reboot.
This is important. Please review urgently.
The patch for the SMB compression RCE is released.
- CVE-2020-0796 | Windows SMBv3 Client/Server Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796
It applies to all Windows 10 version 1903 & 1909, and Windows Server version 1903 & 1909. It does not apply to Windows Server 2019, W10 LTSC, or any older OSes and versions.
Additionally, you will want to look at firewall best practices and configurations to enhance security and prevent malicious traffic from leaving computers or their network.
Here is guidance on how to accomplish this:
- SUPPORT: Preventing SMB traffic from lateral connections and entering or leaving the network
https://support.microsoft.com/en-us/help/3185535/preventing-smb-traffic-from-lateral-connections
(Obtained from Ned Pyle. Good thread here on the topic & background:
https://twitter.com/NerdPyle/status/1238144361067511810)
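
As an added example (not from the original notice or from Microsoft's guidance), the PowerShell below checks whether a host is one of the affected releases named above, lists inbound firewall rules that currently allow SMB, and defines client-side block rules for TCP 445. The function names, rule display names and the choice of firewall profiles are assumptions for illustration.

```powershell
# Added example. Function names, rule names and profile choices are
# assumptions for illustration, not values from the advisory.

function Test-AffectedRelease {
    # The notice lists Windows 10 / Windows Server versions 1903 and 1909 as affected.
    param(
        [string]$ReleaseId = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').ReleaseId
    )
    return $ReleaseId -in @('1903', '1909')
}

function Get-SmbInboundAllowRule {
    # Enabled inbound "allow" rules whose port filter includes TCP 445.
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        Where-Object {
            $filter = $_ | Get-NetFirewallPortFilter
            $filter.Protocol -eq 'TCP' -and $filter.LocalPort -contains '445'
        }
}

function Set-ClientSmbRestriction {
    # Intended for workstations that do not host shares. Block rules take
    # precedence over allow rules, so this also cuts off admin shares and
    # other remote management that depends on inbound SMB.
    New-NetFirewallRule -DisplayName 'Example - block inbound SMB (TCP 445)' `
        -Direction Inbound -Protocol TCP -LocalPort 445 `
        -Action Block -Profile Any | Out-Null

    # Stop the machine from opening SMB sessions while on untrusted networks.
    New-NetFirewallRule -DisplayName 'Example - block outbound SMB on public networks' `
        -Direction Outbound -Protocol TCP -RemotePort 445 `
        -Action Block -Profile Public | Out-Null
}

# Report only; nothing is changed until Set-ClientSmbRestriction is called
# from an elevated session.
if (Test-AffectedRelease) {
    Write-Warning 'This host runs version 1903 or 1909: confirm the CVE-2020-0796 update is installed.'
}
Get-SmbInboundAllowRule | Select-Object DisplayName, Profile, Enabled
```

Review the rules reported by `Get-SmbInboundAllowRule` before calling `Set-ClientSmbRestriction`, since file servers and domain controllers need inbound SMB to keep working.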