Microsoft has published a statement on a vulnerability of their implementation of the Server Message Block 3.1.1 (SMB) protocol found in versions of Windows 10 1903 and 1909, as well as Windows Server 2019 versions 1903 and 1909. This exploit grants attackers the ability to run software remotely on the affected machines by sending a specialized packet of data to a vulnerable server, or in the case of a Windows 10 computer connect to a malicious or infected server. If left unchecked, in a worst-case scenario the exploit could allow a malicious program to spread across a network and infect other machines vulnerable to the exploit. This vulnerability does not affect machines running older versions of Windows and Windows Server since the exploit is only found in Microsoft’s version of SMB 3.1.1. As of now there are no malware which currently use this exploit, but that could change in the future if an attacker creates a working program which successfully uses it. Microsoft has released the KB4551762 update which patches this vulnerability. There are also workarounds to prevent the affected machines from being exploited such as blocking port 445 from the outside networks on the internal network’s firewall and disabling SMB compression on a vulnerable server. Note that if port 445 is disabled it might disrupt file and printer sharing services if the port is normally used from outside the network, but this would not disrupt those services if the network is accessed using a Virtual Private Network (VPN). This will not prevent Windows 10 computers from being exploited from inside the network however, as that would require disabling the port internally as well which would disrupt SMB if it is used for device to connect to a server hosting those services.

If you would like help configuring any of these steps, please call the TIC help desk at 617-884-1086.