Security News > 2020 > March > Thought you were done after Tuesday's 115-fix day? Not yet: Microsoft emits SMBv3 worm-cure crisis patch
Microsoft has released an out-of-band emergency patch for a wormable remote-code execution hole in SMBv3, the Windows network file system protocol.
The SMB bug fix was a late addition to Microsoft's March edition of Patch Tuesday - after the security hole was accidentally disclosed by the Cisco Talos research team in a blog post recapping this month's updates: Cisco thought Microsoft had fixed the bug this week as part of March's Patch Tuesday, and alerted the world to the bug's presence to get people to install their updates.
In reality, Microsoft hoped to patch the hole later this year, no patch was available, and now everyone knew there was a hole in the compression part of the SMBv3 code.
The revelation sent Microsoft scrambling to post a fix for the flaw, dubbed SMBGhost, just hours after it had emitted updates for 115 other CVE-listed security vulnerabilities.
"If you are managing updates on behalf of your organization, you should download the latest updates from the Microsoft Security Update Guide and apply those updates to your Windows." .
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/12/smb_patch_microsoft/
Related news
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Microsoft slips Task Manager and processor count fixes into Patch Tuesday (source)
- Microsoft says premature patch could make Windows Recall forget how to work (source)
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Microsoft holds last Patch Tuesday of the year with 72 gifts for admins (source)
- Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability (source)
- Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others (source)