Reducing SMBv3 Vulnerability Attack Surface

This week has been very interesting, with Microsoft unintentionally disclosing a remote code execution vulnerability in SMB v3. It specifically affects the data compression feature in the 1903 and 1909 versions of Windows 10 and Server 2019. The disclosure left defenders everywhere in a frantic state while malicious actors worked overtime to take advantage of the vulnerability before a patch was released. Luckily, Microsoft released an emergency out-of-cycle patch two days later. As we all know, though, a released patch doesn't mean that everyone will apply it, or even has the means to do so across a domain, so this remains a concern. In light of that, one can use PowerShell to reduce the attack surface by disabling the compression feature of SMB v3. We can do so with the following…
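
One way to apply and verify this setting on a host, as an added example that is not the original post's code. It assumes the `DisableCompression` DWORD under the LanmanServer parameters key is the switch for SMB v3 compression on the server side; the function names are hypothetical.

```powershell
# Added example, not code from the original post. Run from an elevated session.
# Assumption: DisableCompression = 1 under LanmanServer\Parameters turns off
# SMB v3 compression for the SMB server; an absent value means compression is on.
$ParamsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$ValueName = 'DisableCompression'

function Get-SmbCompressionState {
    # 'Disabled' only when the value exists and equals 1; otherwise 'Enabled'.
    $prop = Get-ItemProperty -Path $ParamsKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -ne $prop -and $prop.$ValueName -eq 1) { 'Disabled' } else { 'Enabled' }
}

function Disable-SmbCompression {
    # Hypothetical helper: sets the value if needed and reports before/after state.
    [CmdletBinding(SupportsShouldProcess)]
    param()

    # ReleaseId holds the Windows version string (for example 1903 or 1909).
    $release = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').ReleaseId
    $before  = Get-SmbCompressionState

    if ($before -eq 'Enabled' -and
        $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable SMB v3 compression')) {
        Set-ItemProperty -Path $ParamsKey -Name $ValueName -Type DWord -Value 1 -Force
    }

    # Re-read the registry instead of assuming the write succeeded.
    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        ReleaseId       = $release
        AffectedRelease = $release -in '1903', '1909'   # versions named in this post
        Before          = $before
        After           = Get-SmbCompressionState
    }
}

# Preview the change first, then apply it and review the report.
Disable-SmbCompression -WhatIf | Out-Null
Disable-SmbCompression | Format-List
```

The setting covers the SMB server side only and does not protect a machine acting as an SMB client, so it is a stopgap until the patch is applied. To revert after patching, set the same value to 0.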