What is it?

Server Message Block (SMB) is a long-standing protocol for sharing files, printers, named pipes, and other network resources.

Windows Exchange Server versions 2016, 2019, and 2022 all use SMB version 3.1.1.

Why is it a risk?

Certain carefully crafted commands sent to SMB version 3.1.1 can allow execution of remote commands without authentication, which can crash the target server.

How can you mitigate the risk?

A workaround is possible by disabling compression on your SMBv3 Server using PowerShell commands (see link below). Use it only if your SMBv3 Server cannot be updated.
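The following is an added example, not taken from the original page: a PowerShell sketch that audits and applies the compression workaround. The registry value is the DisableCompression setting documented in the Microsoft advisory for CVE-2020-0796 linked under Resources; the function names are hypothetical.

```powershell
# Added example: audit and apply the SMBv3 compression workaround.
# Function names are hypothetical; run from an elevated PowerShell session.
$ParamsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$ValueName = 'DisableCompression'   # value name from Microsoft's advisory

function Get-SmbCompressionWorkaround {
    # Returns $true only when DisableCompression exists and equals 1.
    $item = Get-ItemProperty -Path $ParamsKey -Name $ValueName -ErrorAction SilentlyContinue
    return ($null -ne $item -and $item.$ValueName -eq 1)
}

function Set-SmbCompressionWorkaround {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Use -Remove once the server is patched to re-enable compression.
        [switch]$Remove
    )
    $target = if ($Remove) { 0 } else { 1 }
    if ($PSCmdlet.ShouldProcess("$ParamsKey\$ValueName", "Set to $target")) {
        Set-ItemProperty -Path $ParamsKey -Name $ValueName -Type DWord -Value $target -Force
    }
    # Re-read the registry instead of trusting the write, so the report
    # reflects the actual state (also correct under -WhatIf).
    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        WorkaroundApplied = Get-SmbCompressionWorkaround
    }
}

# Audit first; apply only where the workaround is missing.
if (Get-SmbCompressionWorkaround) {
    Write-Output 'SMBv3 compression is already disabled on this server.'
} else {
    Set-SmbCompressionWorkaround
}
```

Microsoft's advisory notes that this setting takes effect without a reboot and that it does not protect SMB clients.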

Patch your Microsoft Exchange Server to the latest version.

There is a link below to the “One-Click Microsoft Exchange On-Premises Mitigation Tool”; as of March 2021, this is the recommended method for patching your on-premises MS Exchange Server.

The Microsoft Safety Scanner Download link below provides a useful tool for testing your Exchange Server for a variety of security-related risks.

Resources:

Microsoft – Windows SMBv3 Client/Server Remote Code Execution Vulnerability

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2020-0796

Microsoft One-Click Microsoft Exchange On-Premises Mitigation Tool

https://msrc-blog.microsoft.com/2021/03/15/one-click-microsoft-exchange-on-premises-mitigation-tool-march-2021/

Microsoft Safety Scanner Download

https://docs.microsoft.com/en-us/microsoft-365/security/intelligence/safety-scanner-download?view=o365-worldwide
