CVE-2020-0796 - a "wormable" SMBv3 vulnerability.
Great...
pic.twitter.com/E3uPZkOyQN
This is the legacy version of twitter.com. We will be shutting it down on June 1, 2020. Please switch to a supported browser, or disable the extension which masks your browser. You can see a list of supported browsers in our Help Center.
Vulnerability Analyst at the CERT/CC. My thoughts are my own, not my employer's.
You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
Add this Tweet to your website by copying the code below. Learn more
Add this video to your website by copying the code below. Learn more
By embedding Twitter content in your website or app, you are agreeing to the Twitter Developer Agreement and Developer Policy.
| Country | Code | For customers of |
|---|---|---|
| United States | 40404 | (any) |
| Canada | 21212 | (any) |
| United Kingdom | 86444 | Vodafone, Orange, 3, O2 |
| Brazil | 40404 | Nextel, TIM |
| Haiti | 40404 | Digicel, Voila |
| Ireland | 51210 | Vodafone, O2 |
| India | 53000 | Bharti Airtel, Videocon, Reliance |
| Indonesia | 89887 | AXIS, 3, Telkomsel, Indosat, XL Axiata |
| Italy | 4880804 | Wind |
| 3424486444 | Vodafone | |
| » See SMS short codes for other countries | ||
This timeline is where you’ll spend most of your time, getting instant updates about what matters to you.
Hover over the profile pic and click the Following button to unfollow any account.
When you see a Tweet you love, tap the heart — it lets the person who wrote it know you shared the love.
The fastest way to share someone else’s Tweet with your followers is with a Retweet. Tap the icon to send it instantly.
Add your thoughts about any Tweet with a Reply. Find a topic you’re passionate about, and jump right in.
Get instant insight into what people are talking about now.
Follow more accounts to get instant updates about topics you care about.
See the latest conversations about any topic instantly.
Catch up instantly on the best stories happening as they unfold.
CVE-2020-0796 - a "wormable" SMBv3 vulnerability.
Great...
pic.twitter.com/E3uPZkOyQN
And if it wouldn't be enough interesting, they just did this...
pic.twitter.com/C1fsNKQy1m
And I was late to find, others was faster... So even if I would delete my tweet (when I saw the first reply saying it was deleted), it would be already late...pic.twitter.com/1yyKkcmjlk
"This indicates an attack attempt to exploit a Buffer Overflow Vulnerability in Microsoft SMB Servers." Source: https://fortiguard.com/encyclopedia/ips/48773 …pic.twitter.com/rxhkFH2Fv0
"Created: today
Updated: yesterday
Severity: maximum"
What's going on?
pic.twitter.com/cMjmxISOyz
People started to ask, so adding it here too to get more visibility: "how to disable SMBv3 compression"?pic.twitter.com/k2zlPTkGmj
A few concerns: 1) Isn't LanManWorkstation for the SMB Client, and LanManServer for the Server? Latter seems more relevant here. 2) CompressionEnabled isn't a registry value that I see a reference to. DisableCompression is, though. 3) This all is for SMB2. Does it apply to SMBv3?pic.twitter.com/Z2IRMCjg2d
Check: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200005 …pic.twitter.com/LOevhCM8a8
Well that answers that! Much better than trusting a hunch.
I'm wondering about the client side now. The note saying "This workaround does not prevent exploitation of SMB clients." makes me wonder if an existing session is necessary. In other words would client side exploitation require a malicious server? Blah I need to learn more SMB
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.