Today, Microsoft released a patch to address an SMBv3 security flaw. The patch, KB4551762, applies to Windows 10 version 1909 and version 1903. After installing the update, the OS build number will be raised to 18363.720 and 18362.720, respectively.
KB4551762 is a security update for Microsoft Server Message Block 3.1.1 (SMBv3). It resolves issues with the SMBv3 protocol, which provides shared access to files and printers.
The vulnerability exists only in a new compression feature added in Windows 10 versions 1903 and 1909. Older Windows versions didn't receive that feature, so they are not affected.
Here are some details on the security flaw that is now fixed by KB4551762.
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client.
To exploit the vulnerability against a server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 server. To exploit the vulnerability against a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it.
How to install the KB4551762 update
To download this update, open Settings -> Update & recovery and click on the Check for Updates button on the right.
Alternatively, you can get it from the Windows Update online catalog.
More details can be found HERE and HERE.
If for some reason you cannot install the patch, the vulnerability can be mitigated by disabling the compression feature. Microsoft explains that this can be done with the following PowerShell command:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force
Admins can additionally block TCP port 445 to deny access to SMB servers.
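To see where a machine stands, the following added example (not from Microsoft or the original article) compares the build revision with the .720 level named above and reads the DisableCompression value set by the command. The function name Get-Smbv3CompressionStatus and its status labels are made up for this example.

```powershell
# Added example, read-only: it reports state and changes nothing.
# Function name and status labels are hypothetical, chosen for this example.
function Get-Smbv3CompressionStatus {
    param(
        [Parameter(Mandatory)][int]$Build,     # 18362 = version 1903, 18363 = version 1909
        [Parameter(Mandatory)][int]$Revision,  # number after the dot, e.g. 720
        $DisableCompression                    # registry value, $null when absent
    )

    # Only the two versions named in the article are in scope for KB4551762.
    if ($Build -notin 18362, 18363)    { $status = 'NotCoveredByKB4551762' }
    elseif ($Revision -ge 720)         { $status = 'Patched' }
    elseif ($DisableCompression -eq 1) { $status = 'WorkaroundApplied' }
    else                               { $status = 'NeedsPatchOrWorkaround' }

    [pscustomobject]@{
        Build              = "$Build.$Revision"
        DisableCompression = $DisableCompression
        Status             = $status
    }
}

# Live check on the local machine.
# CurrentBuild and UBR hold the two halves of the build number.
$cv  = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
# Same key the mitigation command writes to; the property is $null if never set.
$smb = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
Get-Smbv3CompressionStatus -Build ([int]$cv.CurrentBuild) -Revision $cv.UBR -DisableCompression $smb.DisableCompression

# Constructed inputs showing each outcome (not taken from real machines):
Get-Smbv3CompressionStatus -Build 18363 -Revision 719
Get-Smbv3CompressionStatus -Build 18362 -Revision 657 -DisableCompression 1
Get-Smbv3CompressionStatus -Build 18363 -Revision 720
Get-Smbv3CompressionStatus -Build 17763 -Revision 1098
```

WorkaroundApplied reflects only the LanmanServer setting from the command above; a machine in that state still needs the update.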