[Samba] Due to CVE in windows, disable SMB3 compression.
L.P.H. van Belle
belle at bazuin.nl
Wed Mar 11 10:46:14 UTC 2020
https://portal.msrc.micro...idance/advisory/adv200005
Published: 03/10/2020
Workarounds
The following workaround may be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as they become available even if you plan to leave this workaround in place:
Disable SMBv3 compression
You can disable compression to block unauthenticated attackers from exploiting the vulnerability against an SMBv3 Server with the PowerShell command below.
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force
Notes:
No reboot is needed after making the change.
This workaround does not prevent exploitation of SMB clients.
You can disable the workaround with the PowerShell command below.
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 0 -Force
More information about the samba
mailing list