SMBv3 was supposed to be the version that got us past all the vulnerabilities v1 and v2 had. Well, it seems everything comes full circle. SMBv3 appears to have a new vulnerability that involves a buffer overflow. This means that if you send more data to a certain process in it than it can handle, the program is overloaded and you are able to execute code remotely.
These buffer overflow attacks seem to be very common lately and are some of the most damaging ones out there.
Basics: SMBv3 is a network protocol that is used for file sharing and printers. Most workplaces use it, meaning a lot of users are affected.
The situation is weird: it seems this vulnerability report actually got somewhat leaked. Anyone who published reports of it got their posts removed. Whoever was behind the silencing could not stop thousands of users from posting about it, so word got out eventually.
Solution: as of now, it seems that the only way to mitigate this is to block a certain port the protocol uses and disable SMBv3 compression. I'm sure they will release an update for it, but there is none as of today.
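One way to check and apply both mitigations on a Windows host, as an added PowerShell example that is not part of the original post. It assumes the port is TCP 445 and that compression is controlled by the DisableCompression registry value under the LanmanServer parameters key, neither of which the post names; run it from an elevated prompt.

```powershell
# Added example, not from the original post.
# Assumptions: SMB listens on TCP 445, and the DisableCompression value under
# the LanmanServer parameters key turns off SMBv3 compression on the server side.
$ParamsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-SmbCompressionState {
    # 'Disabled' only when DisableCompression is explicitly 1; a missing value
    # means the default (compression enabled) is in effect.
    $prop = Get-ItemProperty -Path $ParamsKey -Name DisableCompression -ErrorAction SilentlyContinue
    if ($null -ne $prop -and $prop.DisableCompression -eq 1) { 'Disabled' } else { 'Enabled' }
}

function Disable-SmbCompression {
    # Affects the SMB server role only; SMB clients are not covered by this setting.
    Set-ItemProperty -Path $ParamsKey -Name DisableCompression -Type DWord -Value 1 -Force
}

function Test-InboundSmbBlocked {
    # True when an enabled inbound Block rule lists TCP 445 explicitly.
    # Rules that cover 445 through a port range or 'Any' are not detected here.
    $rules = Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True -ErrorAction SilentlyContinue
    foreach ($rule in $rules) {
        $filter = $rule | Get-NetFirewallPortFilter
        if ($filter.Protocol -eq 'TCP' -and $filter.LocalPort -contains '445') { return $true }
    }
    return $false
}

Write-Output "SMBv3 compression before: $(Get-SmbCompressionState)"
if ((Get-SmbCompressionState) -eq 'Enabled') {
    Disable-SmbCompression
}
Write-Output "SMBv3 compression after:  $(Get-SmbCompressionState)"
Write-Output "Inbound TCP 445 blocked by host firewall: $(Test-InboundSmbBlocked)"
```

The firewall check only reports the host's own rules; a block applied at the network perimeter will not show up here.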
Here is the main place that the news got leaked from:
https://twitter.com/malwrhunterteam/...38376032251904