Microsoft leaks details of unpatched critical SMB vulnerability in Windows 10 and Windows Server

Patch Tuesday is supposed to be the day Microsoft issues bug-fixing updates for Windows and other software, but this week things were a little different. In addition to the usual patches, the company also inadvertently revealed the existence of a critical vulnerability in the Microsoft Server Message Block 3.1.1 (SMBv3) protocol -- one for which there is currently no patch. It seems that Microsoft had intended to issue a patch to the vulnerability (CVE-2020-0796) yesterday, and therefore referenced it in the introductory text for the Patch Tuesday release, but then changed its mind -- perhaps because the patch was not… [Continue Reading]