Someone inadvertently disclosed a critical vulnerability in Windows 10 and Server 2019. The flaw makes it possible to mount code-execution attacks that spread from vulnerable machine to vulnerable machine without any user interaction. There is currently no patch available.

1/n https://t.co/fZixJOwJU6

— Dan Goodin (@dangoodin001) March 11, 2020

The recent wormable CVE-2020-0796 that was not included in Microsoft's #PatchTuesday release shares similarities to the vulnerability exploited by the infamous #WannaCry ransomware. Learn how to prevent any potential attack below.https://t.co/T1CaLRgi5u

— Automox (@AutomoxApp) March 11, 2020

Details about new SMB wormable bug leak in Microsoft Patch Tuesday snafu | ZDNet #Microsoft #SMB #wormable #vulnerability #0day #CyberSecurity #nopatchyet ⁦@ZDNet⁩ https://t.co/h93omKfM2l

— Bob Carver ✭ (@cybersecboardrm) March 11, 2020

Details about new SMB wormable bug leak in Microsoft Patch Tuesday snafu

- Bug is tracked as CVE-2020-0796
- Impacts SMBv3, and described as wormable
- Was announced in some security feeds, but not actually included with the March 2020 Patch Tuesdayhttps://t.co/wkDC8xj4vk pic.twitter.com/z8AQt3oKjA

— Catalin Cimpanu (@campuscodi) March 10, 2020

So this is no doubt going to be fun. However, let's be realistic about risk:
1. Core SMB sits in kernel space and KASLR is great at mitigating exploitation.
2. Asssuming this is kernel space, any unsuccessful exploitation results in BSOD. 1/https://t.co/G1azjODKzM

— Jake Williams (@MalwareJake) March 10, 2020

According to Fortinet, the bug was described as "a #Buffer #Overflow Vulnerability in Microsoft SMB Servers" and received a maximum severity rating.https://t.co/Rx9AIKm6Ml

— Responsible Cyber (@R3sp_Cyb3r) March 11, 2020

Details about new SMB wormable bug leak in Microsoft Patch Tuesday snafu | ZDNet https://t.co/xHlhZOrIKp

— piyokango (@piyokango) March 11, 2020

Microsoft Patch Tuesday for March 2020 addresses 115 vulnerabilities with 26 of them labeled as Critical. https://t.co/YEwgoDiImT

— Qualys (@qualys) March 10, 2020

Make sure your infosec operations team can work remotely. Another WannaCry hitting healthcare orgs now would be a disaster. https://t.co/pDVbyZxLxA

— Chris Wysopal (@WeldPond) March 11, 2020

A critical bug in Microsoft's SMBv3 implementation was published under mysterious circumstances.https://t.co/8kGcNEpw7R

— Zack Whittaker (@zackwhittaker) March 11, 2020

MS, 윈10/서버2019에서 SMBv3 관련 취약점이 있음을 발표. 패치 일정은 밝히지 않았으나 우회책을 제시. https://t.co/un3o9XnNpy

— 푸른곰 (@purengom) March 11, 2020

CVE-2020-0796 affects version 3.1.1 of Microsoft’s SMB file-sharing system and was not included in Patch Tuesday. https://t.co/unaMyNtGWw via @InfoSecHotSpot pic.twitter.com/6diMYXsZJA

— Sean Harris (@InfoSecHotSpot) March 11, 2020

Microsoft fixed bugs across a range of products on patch Tuesday, issuing patches for 115 distinct CVEs, with 26 rated critical. https://t.co/pq4546XGr1 via @InfoSecHotSpot pic.twitter.com/3QsNplWhus

— Sean Harris (@InfoSecHotSpot) March 11, 2020

I'll tell ya, when has SMB NOT been a problem in Windows?! | Windows has a new wormable vulnerability, and there’s no patch in sight | @ArsTechnica https://t.co/GTkYuJ4OGt

— Tim Warner (@TechTrainerTim) March 11, 2020

This happens every month I swear https://t.co/LIaClEy8Km

— ?Kirb (@KirbApple) March 12, 2020

Windows has a new wormable vulnerability, and there’s no patch in sight. Critical bug in Microsoft's SMBv3 implementation. https://t.co/ZRj8M5a3Ni

— Gregg Housh (@GreggHoush) March 12, 2020