SMB3 compression exploit in Windows: ADV200005

Andrew Bartlett abartlet at
Wed Mar 11 00:31:20 UTC 2020

I wanted to write a public heads up that Microsoft has published an
advisory about an exploit in their client and server SMBv3 compression

We may start to get questions about this in Samba, and Samba users with
windows clients might wish to carefully consider the guidance here in
the meantime:

On the Samba side of things while our lzexpress compression code
sucks[1], it isn't use in a vulnerable context, and certainly not in

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team
Samba Development and Support, Catalyst IT - Expert Open Source

More information about the samba-technical mailing list