Researchers from the Cisco Talos Group mentioned details of the bug, which has been assigned the identifier CVE-2020-0796, in a blog post published, as the company normally does, to detail the patches issued on the day, and then removed those details from the post.
"Oh dear 2020 is so f***** pic.twitter.com/RwtVDEOwGv" (tweet by Markus Dauberschmidt, @daubsi, March 10, 2020)
Cisco, however, covered up Microsoft's error and removed details of the flaw. The company's researchers, Jon Munshaw and Vitor Ventura, made no mention of the censorship of these details in their blog post either.
The security firm Fortinet also released details about the flaw, writing: "This indicates an attack attempt to exploit a Buffer Overflow Vulnerability in Microsoft SMB Servers.
"The vulnerability is due to an error when the vulnerable software handles a maliciously crafted compressed data packet. A remote, unauthenticated attacker can exploit this to execute arbitrary code within the context of the application."
While Fortinet advised applying a patch to mitigate the issue, no patch is available at the URL it provided, which leads to the Microsoft Security Response Centre.
"There is a vulnerability in modern SMB which allows code execution. The vulnerability is not under active exploitation and was discovered internally by Microsoft. More info: https://t.co/mJXwIDXH5I" (tweet by Kevin Beaumont, @GossiTheDog, March 10, 2020)
Microsoft listed a total of 117 flaws, not counting the bug whose details were removed. Twenty-five of these are considered critical.
Flaws in the SMB protocol have in the past been exploited and resulted in worms like WannaCry and NotPetya.
iTWire has contacted Microsoft for comment.
Update: Well-known British security researcher Kevin Beaumont, who will be joining Microsoft as a security threat analyst in a few months, issued a tweet at about 10am AEDT on Wednesday, linking to a post that gives the following details:
"Microsoft is aware of a remote code execution vulnerability in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target SMB Server or SMB Client.
"To exploit the vulnerability against an SMB Server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 Server. To exploit the vulnerability against an SMB Client, an unauthenticated attacker would need to configure a malicious SMBv3 Server and convince a user to connect to it."
Update, March 12, 5.45am AEDT: Some additional information about mitigation has been added to the same post. There is no indication of the time when this was added.
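For administrators wanting to check their exposure to the SMBv3 flaw described above, the following audit script is an added example and not part of the article or of Microsoft's advisory. It assumes the affected builds are Windows 10 and Windows Server versions 1903 (build 18362) and 1909 (build 18363), and that the server-side workaround is the DisableCompression value under the LanmanServer Parameters registry key, as published by Microsoft; neither detail appears in the article itself.

```powershell
# Audit a Windows host for exposure to the SMBv3 compression flaw (CVE-2020-0796).
# Assumptions (not from the article): affected builds are 18362 (1903) and 18363 (1909);
# the workaround is the DisableCompression DWORD under the LanmanServer Parameters key.
$affectedBuilds = @(18362, 18363)
$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-SmbCompressionExposure {
    # OS build number, used to decide whether this host runs an affected release.
    $build = [int](Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').CurrentBuildNumber

    # Has the server-side workaround (SMBv3 compression disabled) already been applied?
    $compressionDisabled = $false
    $value = Get-ItemProperty -Path $regPath -Name DisableCompression -ErrorAction SilentlyContinue
    if ($null -ne $value -and $value.DisableCompression -eq 1) { $compressionDisabled = $true }

    # Is TCP 445 allowed inbound by an enabled firewall rule? If not, the server-side
    # attack path described in the advisory is already blocked at the host firewall.
    $smbInbound = Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -eq 445 } |
        Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' }

    [pscustomobject]@{
        Build               = $build
        AffectedBuild       = $affectedBuilds -contains $build
        CompressionDisabled = $compressionDisabled
        Smb445AllowedIn     = ($smbInbound | Measure-Object).Count -gt 0
    }
}

function Set-SmbCompressionDisabled {
    # Applies the server-side workaround; needs an elevated shell. This protects the
    # SMB server only, not the client path where a user connects to a hostile server.
    Set-ItemProperty -Path $regPath -Name DisableCompression -Type DWORD -Value 1 -Force
}

$state = Get-SmbCompressionExposure
$state | Format-List
if ($state.AffectedBuild -and -not $state.CompressionDisabled) {
    Write-Warning 'Affected build with SMBv3 compression enabled: install the update or run Set-SmbCompressionDisabled.'
}
```

The script only reports by default; Set-SmbCompressionDisabled is a separate call so the change can be reviewed before it is made.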