Reports indicate that active exploitation of the remote code execution vulnerability in Microsoft Exchange Server (CVE-2020-0688) has been observed. System administrators are advised to take immediate action to patch their affected systems to mitigate the elevated risk of cyber attacks.
On 13.03.2020, Microsoft released an out-of-band security update to address the remote code execution vulnerability (CVE-2020-0796) in its Server Message Block 3.1.1 (SMBv3) protocol. The vulnerability affects Windows 10 as well as Windows Server, version 1903 and version 1909. Successful exploitation of the vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on a targeted SMB Server or SMB Client. Users are advised to apply the latest security update on the affected systems immediately to mitigate the elevated risk of cyber attacks. For detailed information, please refer to the Microsoft security advisories at the following URLs:
On 5.6.2020, the Cybersecurity and Infrastructure Security Agency (CISA) discovered that functional proof-of-concept (PoC) code exploiting CVE-2020-0796 is publicly available. Reports indicated that malicious attackers are targeting unpatched systems with the new PoC. Administrators are strongly recommended to use a firewall to block access to SMB ports from the Internet and to apply the patch as soon as possible.
Please note that Microsoft announced that extended support for Windows 7 ended on 14 January 2020 and no security updates will be provided after that. Users should arrange to upgrade Windows to Windows 10 or migrate to other supported technology.
Microsoft Internet Explorer 9, 11
Microsoft Edge (EdgeHTML-based)
Microsoft Windows 7, 8.1, RT 8.1, 10
Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019
Microsoft Windows Server, version 1803, version 1903, version 1909
Microsoft Office 2010, 2016 for Mac, 2019, 2019 for Mac
Microsoft Office 365 ProPlus
Microsoft Office Online Server
Microsoft Office Web Apps 2010
Microsoft Word 2010, 2013, 2013 RT, 2016
Microsoft Exchange Server 2016, 2019
Microsoft SharePoint Foundation 2010, 2013
Microsoft SharePoint Enterprise Server 2013, 2016
Microsoft SharePoint Server 2010, 2019
Microsoft Business Productivity Servers 2010 Service Pack 2
Microsoft Dynamics NAV 2013, 2015, 2016, 2017, 2018
Microsoft Dynamics 365 Business Central 2019
Microsoft Dynamics 365 BC On Premise
Microsoft Remote Desktop Connection Manager 2.7
Microsoft Visual Studio 2015, 2017, 2019
Azure DevOps Server 2019
Team Foundation Server 2017, 2018
Depending on the vulnerability exploited, a successful attack could lead to remote code execution, elevation of privilege, denial of service, information disclosure, spoofing and tampering.
Patches for affected products, including the vulnerable SMBv3 protocol, are available from Windows Update / Microsoft Update Catalog. Users of affected systems should follow the recommendations provided by the product vendor and take immediate action to mitigate the risk.
To protect systems behind the enterprise perimeter firewall from Internet-based attacks, system administrators should consider blocking TCP port 445 at that firewall. System administrators are strongly advised to follow the Microsoft guidelines to prevent SMB traffic from entering or leaving the network.
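One way to confirm that the perimeter block on TCP port 445 is effective, as an added example that is not part of the original advisory or of Microsoft's guidance: run it from a host outside the perimeter against your own organisation's public addresses. The function names and the sample addresses (documentation range 203.0.113.0/24) are assumptions made for illustration.

```python
import socket

SMB_PORT = 445  # TCP port the advisory says to block at the perimeter


def probe_tcp(host, port=SMB_PORT, timeout=3.0):
    """Classify one TCP connection attempt made from outside the perimeter.

    open     - handshake completed: the port is reachable, the block is missing
    refused  - a reset came back: traffic reached a host or a rejecting firewall
    filtered - no answer before the timeout: consistent with a firewall drop
    error    - name resolution or routing failure, result is inconclusive
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "error"


def audit(hosts, port=SMB_PORT, timeout=3.0):
    """Return ({host: state}, sorted list of hosts where the port is open)."""
    results = {h: probe_tcp(h, port, timeout) for h in hosts}
    exposed = sorted(h for h, state in results.items() if state == "open")
    return results, exposed


if __name__ == "__main__":
    # Constructed placeholder addresses; replace with addresses you administer.
    my_public_hosts = ["203.0.113.10", "203.0.113.11"]
    results, exposed = audit(my_public_hosts)
    for host, state in results.items():
        print(f"{host}:{SMB_PORT} {state}")
    if exposed:
        print("SMB reachable from the Internet:", ", ".join(exposed))
```

A result of "refused" rather than "filtered" means packets for port 445 are still passing the perimeter or being actively rejected, so the firewall rule set is worth reviewing even though no SMB service answered.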