Share this article

Improve this guide

Update KB4551762 patches SMBv3 protocol bug

3 min. read

Published onMarch 12, 2020

published onMarch 12, 2020

Share this article

Improve this guide

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Cumulative updates KB4551762 forWindows 10versions 1903 and 1909 are now live. The files contain critical security fixes and a couple of quality enhancements for the operating systems.

But the patch for the bug affecting the Microsoft Server Message Block 3.1.1 (SMBv3) protocol is the star of the latest CU.

The SMB 3 protocol issue (CVE-2020-0796)

The SMB 3 protocol issue (CVE-2020-0796)

The bug came to the fore after Microsoft inadvertently revealed it when it rolled out theMarch Patch Tuesdayupdates. Next, the company issued an advisory that included suggestions for circumventing the SMB 3 protocol glitch.

If you have not tried implementing any of the proposed workarounds yet, there is no cause for alarm. Microsoft hasannounceda patch for the problem.

Updates a Microsoft Server Message Block 3.1.1 protocol issue that provides shared access to files and printers.

CVE-2020-0796 is a remote code execution (RCE) vulnerability

CVE-2020-0796 is a remote code execution (RCE) vulnerability

Microsoftsaidthat malicious actors could take advantage of the CVE-2020-0796 vulnerability to launch a server- or client-side attack. Worse still, they would not need to supply the correct user credentials to remotely send a specially-crafted request to an SMBv3 server of interest.

It appears that such a hacker would have to rely on an authenticated user to attack an SMB 3 client.

Thanks to CU KB4551762, the tool is no longer vulnerable to such illicit, RCE coding.

The security update addresses the vulnerability by correcting how the SMBv3 protocol handles these specially crafted requests.

The SMB 3 protocol makes it possible for applications to share files and printers in a computer network. So, when it is a potential target for hackers, patching is not optional.

Keep in mind that Microsoft only said the workaround it proposed might be helpful. In other words, it was a stopgap measure you would not count on in some scenarios.

It is not hard to imagine the kind of damage a hacker would do if they exploited the CVE-2020-0796 vulnerability and accessed sensitive personal data or confidential files in your organization.

Now is the time to patch

The KB4551762 patch installs on your PC automatically if you usually access the latest OS updates via the Windows Update channel.

You may also update manually after downloading the package from theWindows Update Catalog. The third option is automatic syncing with Windows Server Update Services based on your Products and Classifications settings.

Do not forget to backup your files and data before updating to the latest Windows 10 build, though.

More about the topics:bugs,windows 10 updates

Don Sharpe

Tech Journalist

Don has been writing professionally for over 10 years now, but his passion for the written word started back in his elementary school days. His work has been published on Livebitcoinnews.com, Learnbonds.com, eHow, AskMen.com, Forexminute.com, The Writers Network and a host of other companies.

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Δ

Don Sharpe

Tech Journalist

Don has been writing professionally for over 10 years now, simplifying the tech universe for the mases.