I’ve been sitting on pins and needles wondering when an in-the-wild exploit for the just-patched SMBv3 security hole might appear. Looks like it’s muc
[See the full post at: CVE-2020-0796, the SMBv3 security hole, doesn’t pose an immediate threat]
![]() |
There are isolated problems with current patches, but they are well-known and documented on this site. |
SIGN IN | Not a member? | REGISTER | PLUS MEMBERSHIP |
-
CVE-2020-0796, the SMBv3 security hole, doesn’t pose an immediate threat
Home » Forums » Newsletter and Homepage topics » CVE-2020-0796, the SMBv3 security hole, doesn’t pose an immediate threat
- This topic has 5 replies, 5 voices, and was last updated 5 years, 2 months ago.
AuthorTopicViewing 4 reply threadsAuthorReplies-
Seff
AskWoody Plus -
Mr. Natural
AskWoody Lounger -
anonymous
GuestMarch 13, 2020 at 6:22 pm #2190544If you run an SMB server, then you don’t need to patch, you just need to disable compression.
KASLR makes it much harder for unsophisticated attackers to execute code, but a denial of service exploit causing a computer to crash would not need to defeat KASLR and could be accomplished by anyone.
KASLR is not perfect protection: Every time you see an “Information Disclosure Vulnerability” listed as “2 – Exploitation Less Likely” in a Microsoft Security Guidance (there are TONS of these fixed every security update), that is potentially information that can be used to defeat KASLR.
If you read Google Project Zero, they make bypassing KASLR look easy, all the time. It may deter script kiddies, but it’s not gonna deter serious adversaries.
Luckily you don’t need to update to mitigate this. Disable compression on any SMB servers, if you have any 1903 or 1909 servers. If you have vulnerable servers, you should consider whether, in the future, you would be better served with an OS that is older, more stable, and supported for longer (Server 2019 is based on 1809 and not vulnerable).
You shouldn’t be hesitant to disable compression. After all, compression is a new feature only available since 2019. Disabling compression is more like uninstalling a bad feature patch than installing a new security patch.
This should be much less of a problem on clients, because your users should be smart enough to not connect to random SMB shares.
1 user thanked author for this post.
-
anonymous
GuestMarch 13, 2020 at 6:26 pm #2190546Kevin seems to be downplaying this solely from the Server side which may be the case.
However, according to the CVE:
“To exploit the vulnerability against a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it.”
While the “client” mentioned could only be a W10 PC at 1903 or 1909 that is unpatched, it would certainly suggest a much larger target group than those Kevin alludes to.
1 user thanked author for this post.
-
Alex5723
AskWoody PlusMarch 14, 2020 at 3:13 am #2190639Got this mail from Microsoft this morning :
The following CVE has undergone a minor revision increment:
* CVE-2020-0796
Revision Information:
=====================– CVE-2020-0796 | Windows SMBv3 Client/Server Remote Code Execution Vulnerability
– https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796– Reason for Revision: The following revisions have been made: 1. Added an FAQ to
clarify that only a Server Core installation is available for Windows Server,
version 1903 and Windows Server, version 1909. 2. In the Workarounds, added Note
number 3 to state that SMB Compression is not yet used by Windows or Windows Server,
and disabling SMB Compression has no negative performance impact. These are
informational changes only.
– Originally posted: March 12, 2020
– Updated: March 13, 2020
– Aggregate CVE Severity Rating: Critical
– Version: 1.1
Viewing 4 reply threads -

Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 11, Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.
Search Newsletters
Search Forums
View the Forum
Search for Topics
Recent Topics
-
KB5058405 might fail to install with recovery error 0xc0000098 in ACPI.sys
by
Susan Bradley
5 hours, 29 minutes ago -
T-Mobile’s T-Life App has a “Screen Recording Tool” Turned on
by
Alex5723
8 hours, 10 minutes ago -
Windows 11 Insider Preview Build 26100.4202 (24H2) released to Release Preview
by
joep517
2 hours, 45 minutes ago -
Windows Update orchestration platform to update all software
by
Alex5723
15 hours, 30 minutes ago -
May preview updates
by
Susan Bradley
2 hours, 53 minutes ago -
Microsoft releases KB5061977 Windows 11 24H2, Server 2025 emergency out of band
by
Alex5723
5 hours, 4 minutes ago -
Just got this pop-up page while browsing
by
Alex5723
7 hours, 41 minutes ago -
KB5058379 / KB 5061768 Failures
by
crown
4 hours, 45 minutes ago -
Windows 10 23H2 Good to Update to ?
by
jkitc
1 hour, 55 minutes ago -
At last – installation of 24H2
by
Botswana12
1 day, 7 hours ago -
MS-DEFCON 4: As good as it gets
by
Susan Bradley
2 hours, 7 minutes ago -
RyTuneX optimize Windows 10/11 tool
by
Alex5723
1 day, 19 hours ago -
Can I just update from Win11 22H2 to 23H2?
by
Dave Easley
1 day, 12 hours ago -
Limited account permission error related to Windows Update
by
gtd12345
2 days, 8 hours ago -
Another test post
by
gtd12345
2 days, 8 hours ago -
Connect to someone else computer
by
wadeer
2 days, 3 hours ago -
Limit on User names?
by
CWBillow
2 days, 6 hours ago -
Choose the right apps for traveling
by
Peter Deegan
1 day, 20 hours ago -
BitLocker rears its head
by
Susan Bradley
1 day, 4 hours ago -
Who are you? (2025 edition)
by
Will Fastie
1 day, 3 hours ago -
AskWoody at the computer museum, round two
by
Will Fastie
1 day, 22 hours ago -
A smarter, simpler Firefox address bar
by
Alex5723
2 days, 19 hours ago -
Woody
by
Scott
3 days, 4 hours ago -
24H2 has suppressed my favoured spider
by
Davidhs
1 day, 3 hours ago -
GeForce RTX 5060 in certain motherboards could experience blank screens
by
Alex5723
3 days, 18 hours ago -
MS Office 365 Home on MAC
by
MickIver
3 days, 12 hours ago -
Google’s Veo3 video generator. Before you ask: yes, everything is AI here
by
Alex5723
4 days, 8 hours ago -
Flash Drive Eject Error for Still In Use
by
J9438
1 day, 3 hours ago -
Windows 11 Insider Preview build 27863 released to Canary
by
joep517
5 days, 3 hours ago -
Windows 11 Insider Preview build 26120.4161 (24H2) released to BETA
by
joep517
5 days, 3 hours ago
Recent blog posts
Key Links
Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.
Mastodon profile for DefConPatch
Mastodon profile for AskWoody
Home • About • FAQ • Posts & Privacy • Forums • My Account
Register • Free Newsletter • Plus Membership • Gift Certificates • MS-DEFCON Alerts
Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.