[Samba] Due to CVE in windows, disable SMB3 compression.
L.P.H. van Belle
belle at bazuin.nl
Wed Mar 11 10:50:22 UTC 2020
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200005
The full link.
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> L.P.H. van Belle via samba
> Verzonden: woensdag 11 maart 2020 11:46
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Due to CVE in windows, disable SMB3 compression.
>
> https://portal.msrc.micro...idance/advisory/adv200005
> Published: 03/10/2020
>
> Workarounds
>
> The following workaround may be helpful in your situation. In
> all cases, Microsoft strongly recommends that you install the
> updates for this vulnerability as soon as they become
> available even if you plan to leave this workaround in place:
>
> Disable SMBv3 compression
>
> You can disable compression to block unauthenticated
> attackers from exploiting the vulnerability against an SMBv3
> Server with the PowerShell command below.
>
> Set-ItemProperty -Path
> "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Paramete
> rs" DisableCompression -Type DWORD -Value 1 -Force
>
> Notes:
>
> No reboot is needed after making the change.
> This workaround does not prevent exploitation of SMB clients.
>
> You can disable the workaround with the PowerShell command below.
>
> Set-ItemProperty -Path
> "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Paramete
> rs" DisableCompression -Type DWORD -Value 0 -Force
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list