Microsoft Releases Out-of-Band Update for SMBGhost on Windows 10 1903 and 1909
Microsoft has responded to the SMBv3 vulnerability (CVE-2020-0796)—which made a very short appearance on Microsoft’s Update API on Patch Tuesday—with an out-of-band update. The CVE made its stealthy appearance and then was quickly removed as an update that was not yet ready, but multiple security firms had already scrapped the metadata from the Microsoft CVE page and ended up posting details of this vulnerability in several Patch Tuesday recaps. Microsoft quickly responded by publishing the CVE as a Security Advisory a few hours later. The advisory provided details about the vulnerability and guidance to mitigate the risk.
Two days later Microsoft has responded again, this time with a deployable update. The update is not a re-release, but a new cumulative update that supersedes the March Patch Tuesday Cumulative Rollup for Windows 10 1903 and 1909. If you have not already deployed the Patch Tuesday release, you can just push this new Cumulative Rollup instead.