Security News > 2020 > March > Thought you were done after Tuesday's 115-fix day? Not yet: Microsoft emits SMBv3 worm-cure crisis patch
Microsoft has released an out-of-band emergency patch for a wormable remote-code execution hole in SMBv3, the Windows network file system protocol.
The SMB bug fix was a late addition to Microsoft's March edition of Patch Tuesday - after the security hole was accidentally disclosed by the Cisco Talos research team in a blog post recapping this month's updates: Cisco thought Microsoft had fixed the bug this week as part of March's Patch Tuesday, and alerted the world to the bug's presence to get people to install their updates.
In reality, Microsoft hoped to patch the hole later this year, no patch was available, and now everyone knew there was a hole in the compression part of the SMBv3 code.
The revelation sent Microsoft scrambling to post a fix for the flaw, dubbed SMBGhost, just hours after it had emitted updates for 115 other CVE-listed security vulnerabilities.
"If you are managing updates on behalf of your organization, you should download the latest updates from the Microsoft Security Update Guide and apply those updates to your Windows." .
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/12/smb_patch_microsoft/
Related news
- Microsoft discloses Office zero-day, still working on a patch (source)
- Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited (source)
- Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws (source)
- Patch Tuesday for September 2024: Microsoft Catches Four Zero-Day Vulnerabilities (source)
- Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day (source)