|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796 https://support.microsoft.com/en-us/help/4551762/windows-10-update-kb
[See the full post at: Patch Lady – we have an out of band on that SMBv3]
Susan Bradley Patch Lady/Prudent patcher
Windows server is base on 1809. Only Server Core get updated version to 1903 and 1909. If you want the desktop experience, you can only use the 1809 release.
Because the newer stuff is ending up with SMBv3 bugs. Windows server with a GUI is LTSB and is several years old in patching age. Only server core is the equivalent of Windows 10 1903 and 1909. It’s slightly confusing due to the GUI/not GUI server world we live in.
Susan Bradley Patch Lady/Prudent patcher
NO ONE should be STUPID enough to have port 445 a SMB file sharing port open to the web
Except, you know, Microsoft? https://azure.microsoft.com/en-us/services/storage/files/
SMB3 has encryption and security features that were designed to allow it to be used directly without a VPN.
So I’m still in don’t panic, don’t install and let’s test mode.
This is a giant vulnerability, so it shouldn’t be left open, even if it can only occur over your local network. There’s no need to install the patch though, the workaround of disabling SMB compression is enough.
My opinion is that no one should be stupid enough to have a Windows server open to the web, period.
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
