{"id":68,"date":"2020-03-12T08:30:51","date_gmt":"2020-03-12T08:30:51","guid":{"rendered":"http:\/\/www.technicaladept.com\/?p=68"},"modified":"2025-04-26T17:50:19","modified_gmt":"2025-04-26T17:50:19","slug":"mitigating-eternal-darkness","status":"publish","type":"post","link":"https:\/\/www.technicaladept.com\/index.php\/2020\/03\/12\/mitigating-eternal-darkness\/","title":{"rendered":"Mitigating Eternal Darkness"},"content":{"rendered":"\n

A new security vulnerability has been disclosed before a patch has been made available. It’s a “remote code execution” bug which means that an attacker can use it to effectively take over vulnerable computers. It exploits the compression features of the the common windows file sharing protocol SMB<\/p>\n\n\n\n

Many enterprises will rely on file sharing and cannot simply turn off SMB, but they can switch off support for the compression features. This will prevent an attacker from being able to use a file share on a machine as a means of taking over that machine. It will not however prevent them from setting up a file share and that would attack any machine that connected to it: potentially a new form of phishing attack. Users should be reminded to never click on links or open attachments that they weren’t specifically expecting.<\/p>\n\n\n\n

To roll out the mitigation in an enterprise we can use group policy preferences to apply a registry change.<\/p>\n\n\n\n

We need create or update a registry DWORD called DisableCompression<\/strong> in the HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\LanmanServer\\Parameters\\ registry key.<\/p>\n\n\n\n

This can be achieved from a suitable Group Policy Object by creating a new Registry entry under Computer Configuration | Preferences | Windows Settings | Registry using the Replace Action as below<\/p>\n\n\n\n

\"\"
HKLM\\SYSTEM\\CurrentControlSet\\Services\\LanmanServer\\Parameters\\
DisableCompression = 1<\/figcaption><\/figure>\n","protected":false},"excerpt":{"rendered":"

A new security vulnerability has been disclosed before a patch has been made available. It’s a “remote code execution” bug which means that an attacker can use it to effectively take over vulnerable computers. It exploits the compression features of the the common windows file sharing protocol SMB Many enterprises will rely on file sharing […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"yoast_head":"\nMitigating Eternal Darkness | Technical Adept<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.technicaladept.com\/index.php\/2020\/03\/12\/mitigating-eternal-darkness\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Mitigating Eternal Darkness | Technical Adept\" \/>\n<meta property=\"og:description\" content=\"A new security vulnerability has been disclosed before a patch has been made available. It’s a “remote code execution” bug which means that an attacker can use it to effectively take over vulnerable computers. It exploits the compression features of the the common windows file sharing protocol SMB Many enterprises will rely on file sharing […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.technicaladept.com\/index.php\/2020\/03\/12\/mitigating-eternal-darkness\/\" \/>\n<meta property=\"og:site_name\" content=\"Technical Adept\" \/>\n<meta property=\"article:published_time\" content=\"2020-03-12T08:30:51+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-04-26T17:50:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.technicaladept.com\/wp-content\/uploads\/2020\/03\/group-policy-preferences.png\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.technicaladept.com\/index.php\/2020\/03\/12\/mitigating-eternal-darkness\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.technicaladept.com\/index.php\/2020\/03\/12\/mitigating-eternal-darkness\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\/\/www.technicaladept.com\/#\/schema\/person\/8c1bcc5c2c6b64e5e8cf75fe742e60ca\"},\"headline\":\"Mitigating Eternal Darkness\",\"datePublished\":\"2020-03-12T08:30:51+00:00\",\"dateModified\":\"2025-04-26T17:50:19+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.technicaladept.com\/index.php\/2020\/03\/12\/mitigating-eternal-darkness\/\"},\"wordCount\":221,\"publisher\":{\"@id\":\"https:\/\/www.technicaladept.com\/#\/schema\/person\/f55bd44f0e2e66194706a07bafdd2e29\"},\"articleSection\":[\"Uncategorized\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.technicaladept.com\/index.php\/2020\/03\/12\/mitigating-eternal-darkness\/\",\"url\":\"https:\/\/www.technicaladept.com\/index.php\/2020\/03\/12\/mitigating-eternal-darkness\/\",\"name\":\"Mitigating Eternal Darkness | Technical Adept\",\"isPartOf\":{\"@id\":\"https:\/\/www.technicaladept.com\/#website\"},\"datePublished\":\"2020-03-12T08:30:51+00:00\",\"dateModified\":\"2025-04-26T17:50:19+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.technicaladept.com\/index.php\/2020\/03\/12\/mitigating-eternal-darkness\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.technicaladept.com\/index.php\/2020\/03\/12\/mitigating-eternal-darkness\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.technicaladept.com\/index.php\/2020\/03\/12\/mitigating-eternal-darkness\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.technicaladept.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Mitigating Eternal Darkness\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.technicaladept.com\/#website\",\"url\":\"https:\/\/www.technicaladept.com\/\",\"name\":\"Technical Adept\",\"description\":\"A place to put words I might want to share\",\"publisher\":{\"@id\":\"https:\/\/www.technicaladept.com\/#\/schema\/person\/f55bd44f0e2e66194706a07bafdd2e29\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.technicaladept.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-GB\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/www.technicaladept.com\/#\/schema\/person\/f55bd44f0e2e66194706a07bafdd2e29\",\"name\":\"Matt Hardy\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.technicaladept.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.technicaladept.com\/wp-content\/uploads\/2020\/01\/Matt-Profile-300.png\",\"contentUrl\":\"https:\/\/www.technicaladept.com\/wp-content\/uploads\/2020\/01\/Matt-Profile-300.png\",\"width\":300,\"height\":280,\"caption\":\"Matt Hardy\"},\"logo\":{\"@id\":\"https:\/\/www.technicaladept.com\/#\/schema\/person\/image\/\"},\"sameAs\":[\"http:\/\/www.technicaladept.com\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.technicaladept.com\/#\/schema\/person\/8c1bcc5c2c6b64e5e8cf75fe742e60ca\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.technicaladept.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/8787914ebb49ec49dd9559bd0bef5ff9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/8787914ebb49ec49dd9559bd0bef5ff9?s=96&d=mm&r=g\",\"caption\":\"admin\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Mitigating Eternal Darkness | Technical Adept","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.technicaladept.com\/index.php\/2020\/03\/12\/mitigating-eternal-darkness\/","og_locale":"en_GB","og_type":"article","og_title":"Mitigating Eternal Darkness | Technical Adept","og_description":"A new security vulnerability has been disclosed before a patch has been made available. It’s a “remote code execution” bug which means that an attacker can use it to effectively take over vulnerable computers. It exploits the compression features of the the common windows file sharing protocol SMB Many enterprises will rely on file sharing […]","og_url":"https:\/\/www.technicaladept.com\/index.php\/2020\/03\/12\/mitigating-eternal-darkness\/","og_site_name":"Technical Adept","article_published_time":"2020-03-12T08:30:51+00:00","article_modified_time":"2025-04-26T17:50:19+00:00","og_image":[{"url":"https:\/\/www.technicaladept.com\/wp-content\/uploads\/2020\/03\/group-policy-preferences.png"}],"author":"admin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin","Estimated reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.technicaladept.com\/index.php\/2020\/03\/12\/mitigating-eternal-darkness\/#article","isPartOf":{"@id":"https:\/\/www.technicaladept.com\/index.php\/2020\/03\/12\/mitigating-eternal-darkness\/"},"author":{"name":"admin","@id":"https:\/\/www.technicaladept.com\/#\/schema\/person\/8c1bcc5c2c6b64e5e8cf75fe742e60ca"},"headline":"Mitigating Eternal Darkness","datePublished":"2020-03-12T08:30:51+00:00","dateModified":"2025-04-26T17:50:19+00:00","mainEntityOfPage":{"@id":"https:\/\/www.technicaladept.com\/index.php\/2020\/03\/12\/mitigating-eternal-darkness\/"},"wordCount":221,"publisher":{"@id":"https:\/\/www.technicaladept.com\/#\/schema\/person\/f55bd44f0e2e66194706a07bafdd2e29"},"articleSection":["Uncategorized"],"inLanguage":"en-GB"},{"@type":"WebPage","@id":"https:\/\/www.technicaladept.com\/index.php\/2020\/03\/12\/mitigating-eternal-darkness\/","url":"https:\/\/www.technicaladept.com\/index.php\/2020\/03\/12\/mitigating-eternal-darkness\/","name":"Mitigating Eternal Darkness | Technical Adept","isPartOf":{"@id":"https:\/\/www.technicaladept.com\/#website"},"datePublished":"2020-03-12T08:30:51+00:00","dateModified":"2025-04-26T17:50:19+00:00","breadcrumb":{"@id":"https:\/\/www.technicaladept.com\/index.php\/2020\/03\/12\/mitigating-eternal-darkness\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.technicaladept.com\/index.php\/2020\/03\/12\/mitigating-eternal-darkness\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.technicaladept.com\/index.php\/2020\/03\/12\/mitigating-eternal-darkness\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.technicaladept.com\/"},{"@type":"ListItem","position":2,"name":"Mitigating Eternal Darkness"}]},{"@type":"WebSite","@id":"https:\/\/www.technicaladept.com\/#website","url":"https:\/\/www.technicaladept.com\/","name":"Technical Adept","description":"A place to put words I might want to share","publisher":{"@id":"https:\/\/www.technicaladept.com\/#\/schema\/person\/f55bd44f0e2e66194706a07bafdd2e29"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.technicaladept.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-GB"},{"@type":["Person","Organization"],"@id":"https:\/\/www.technicaladept.com\/#\/schema\/person\/f55bd44f0e2e66194706a07bafdd2e29","name":"Matt Hardy","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.technicaladept.com\/#\/schema\/person\/image\/","url":"https:\/\/www.technicaladept.com\/wp-content\/uploads\/2020\/01\/Matt-Profile-300.png","contentUrl":"https:\/\/www.technicaladept.com\/wp-content\/uploads\/2020\/01\/Matt-Profile-300.png","width":300,"height":280,"caption":"Matt Hardy"},"logo":{"@id":"https:\/\/www.technicaladept.com\/#\/schema\/person\/image\/"},"sameAs":["http:\/\/www.technicaladept.com\/"]},{"@type":"Person","@id":"https:\/\/www.technicaladept.com\/#\/schema\/person\/8c1bcc5c2c6b64e5e8cf75fe742e60ca","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.technicaladept.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/8787914ebb49ec49dd9559bd0bef5ff9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8787914ebb49ec49dd9559bd0bef5ff9?s=96&d=mm&r=g","caption":"admin"}}]}},"_links":{"self":[{"href":"https:\/\/www.technicaladept.com\/index.php\/wp-json\/wp\/v2\/posts\/68"}],"collection":[{"href":"https:\/\/www.technicaladept.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.technicaladept.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.technicaladept.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.technicaladept.com\/index.php\/wp-json\/wp\/v2\/comments?post=68"}],"version-history":[{"count":3,"href":"https:\/\/www.technicaladept.com\/index.php\/wp-json\/wp\/v2\/posts\/68\/revisions"}],"predecessor-version":[{"id":180,"href":"https:\/\/www.technicaladept.com\/index.php\/wp-json\/wp\/v2\/posts\/68\/revisions\/180"}],"wp:attachment":[{"href":"https:\/\/www.technicaladept.com\/index.php\/wp-json\/wp\/v2\/media?parent=68"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.technicaladept.com\/index.php\/wp-json\/wp\/v2\/categories?post=68"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.technicaladept.com\/index.php\/wp-json\/wp\/v2\/tags?post=68"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}