Critical remote unauthenticated vulnerability in SMBv3

  • CERT Admin
  • Mon Mar 02 2020
  • Alerts

Systems Affected

Modern Windows systems running SMBv3.1.1
  ✻  Windows 10 version 1903
  ✻  Windows 10 version 1909
  ✻  Windows Server version 1903
  ✻  Windows Server version 1909

Threat Level 



Microsoft SMBv3.1.1 is vulnerable to pre‐authentication remote code execution.


This vulnerability allows an attacker to take complete control of machines that expose SMB services. It behaves like a worm and is able to spread autonomously. A similar vulnerability in SMBv1 was responsible for the WannaCry ransomware, and this one could lead to a similar type of attack if it is not patched.
To compromise an SMB server, all that is required is to connect to the SMB server and send a specially crafted packet. To infect a client, an attacker must convince a user to connect to a malicious file share.


    ✻  Execute arbitrary code
    ✻  Disruption of service
    ✻  Malware, ransomware infections

Solution/ Workarounds 

    ✻  Apply the latest patch relevant to your version of Windows 10 or Windows Server immediately.
    ✻  If you are unable to apply the patch immediately then Sri Lanka CERT advises you:
    ✦  Disable SMBv3 compression
    ✦  Block TCP on port 445
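
The two workarounds above, applied and verified on a single Windows host. This is an added example and not part of the original alert: the registry value is the one Microsoft documents for turning off SMBv3 compression on the server side, the firewall rule name is a hypothetical label, and the script assumes an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example: apply both interim workarounds and report the resulting state.

$params   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$ruleName = 'Block inbound SMB TCP 445 (interim workaround)'   # hypothetical rule name

# 1. Disable SMBv3 compression for the SMB server role.
#    Takes effect without a reboot; it does not protect the SMB client side.
Set-ItemProperty -Path $params -Name DisableCompression -Type DWord -Value 1 -Force

# 2. Block inbound TCP 445 at the host firewall, creating the rule only once.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
                        -Direction Inbound `
                        -Protocol TCP `
                        -LocalPort 445 `
                        -Action Block `
                        -Profile Any | Out-Null
}

# 3. Read both settings back so the state can be logged or collected centrally.
$value = (Get-ItemProperty -Path $params -Name DisableCompression `
            -ErrorAction SilentlyContinue).DisableCompression
$rule  = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue

[pscustomobject]@{
    Computer            = $env:COMPUTERNAME
    CompressionDisabled = ($value -eq 1)
    Port445BlockRule    = [bool]($rule -and $rule.Enabled -eq 'True' -and $rule.Action -eq 'Block')
}
```

Blocking inbound TCP 445 on the host stops it from serving file shares, so on file servers apply only step 1 and enforce the port block at the network perimeter instead. Once the patch is installed, remove the rule with Remove-NetFirewallRule and set DisableCompression back to 0.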




The information provided herein is on an "as is" basis, without warranty of any kind.

Last updated: Mon Mar 02 2020