As some expected, Microsoft on Thursday pushed out a patch for a vulnerability in the SMBv3 protocol that was disclosed earlier this week.

The fix, KB4551762, resolves CVE-2020-0796, a critical vulnerability in Microsoft's SMBv3 implementation. SMB, or Server Message Block, is a network file sharing protocol Windows primarily uses to share files, printers, and serial ports.

The vulnerability, a remote code execution vulnerability, could allow a remote attacker to exploit SMBv3, or 3.1.1, to take control of an affected system.

To exploit the vulnerability against a server, Microsoft says an attacker would just need to send a specially crafted packet to a targeted SMBv3 server. To exploit a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it.

There was concern earlier this week that the bug could be “wormable” a la the bugs that led to WannaCry, NotPetya, and BlueKeep if exploited after it went unpatched on Tuesday, when Microsoft issued an advisory.

As a workaround, Microsoft's advisory on the vulnerability, ADV200005, initially suggested disabling SMBv3 compression to block unauthenticated attackers from exploiting the vulnerability against an SMBv3 server with a PowerShell script.

Alternatively, Microsoft also suggested admins block TCP port 445 and preventing SMB traffic from lateral connections.

The vulnerability is present in 32- and 64-bit Windows 10 version 1903 and 1909 for desktops and servers.

Experts on Thursday pressed users to either update as soon as possible or apply the workaround.

https://t.co/2IPGflplpXhttps://t.co/JDq7LShv9v

We just released a patch for CVE-2020-0796 and it is available via all normal channels.

Please update ASAP or use the workaround information in ADV200005 to protect your networks.

— Nate Warfield (@n0x08) March 12, 2020