Ref# Microsoft | Date: Mar 17th 2020

---

Microsoft has released out-of-band security updates to address a remote code execution vulnerability (CVE-2020-0796) in Microsoft Server Message Block 3.1.1 (SMBv3). Server Message Block (SMB) is a protocol that allows client machines to access files on servers. It is recommended that you take the necessary precautions by ensuring your products are always updated:

• CVE-2020-0796 | Windows SMBv3 Client/Server Remote Code Execution Vulnerability

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796

• ADV200005 | Microsoft Guidance for Disabling SMBv3 Compression:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200005

• Microsoft SMBv3 compression remote code execution vulnerability: https://www.kb.cert.org/vuls/id/872016/

Note: This vulnerability affects mainly Windows 10 systems.

The Guyana National CIRT recommends users and administration to review this update and apply where necessary.

 

References

• Microsoft Releases Out-of-Band Security Updates for SMB RCE Vulnerability. (2020, March 12). Retrieved from Us-Cert: https://www.us-cert.gov/ncas/current-activity/2020/03/12/microsoft-releases-out-band-security-updates-smb-rce-vulnerability