Microsoft Server Message Block RCE Vulnerability

ronjor · Mar 11, 2020

Original release date: March 11, 2020

Microsoft has released a security advisory to address a remote code execution vulnerability (CVE-2020-0796) in Microsoft Server Message Block 3.1.1 (SMBv3). A remote attacker can exploit this vulnerability to take control of an affected system. SMB is a network file-sharing protocol that allows client machines to access files on servers.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft Advisory ADV200005
and the CERT Coordination Center’s Vulnerability Note VU#872016 and apply the workaround until patches are made available.
Click to expand...

guest · Mar 11, 2020

Microsoft SMBv3 compression remote code execution vulnerability
Vulnerability Note VU#872016
March 11, 2020
https://www.kb.cert.org/vuls/id/872016/

Overview
Microsoft SMBv3 contains a vulnerability in the handling of compression, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Description
Microsoft Server Message Block 3.1.1 (SMBv3) contains a vulnerability in the way that it handles connections that use compression. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. It has been reported that this vulnerability is "wormable."
Impact
By connecting to a vulnerable Windows machine using SMBv3, or by causing a vulnerable Windows system to initiate a client connection to a SMBv3 server, a remote, unauthenticated attacker to execute arbitrary code with SYSTEM privileges on a vulnerable system.
Click to expand...

Solution
The CERT/CC is currently unaware of a practical solution to this problem. Please consider the following workarounds: [...]
Click to expand...

ronjor · Mar 12, 2020

Microsoft Releases Out-of-Band Security Updates for SMB RCE Vulnerability

Original release date: March 12, 2020
Microsoft has released out-of-band security updates to address a remote code execution vulnerability (CVE-2020-0796) in Microsoft Server Message Block 3.1.1 (SMBv3). A remote attacker could exploit this vulnerability to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following resources and apply the necessary updates or workarounds.
• Microsoft Security Guidance for CVE-2020-0796
• Microsoft Advisory ADV200005
• CERT Coordination Center’s Vulnerability Note VU#872016
Click to expand...

Log in or Sign up

Microsoft Server Message Block RCE Vulnerability

ronjor Global Moderator

guest Guest

ronjor Global Moderator

Log in or Sign up

Microsoft Server Message Block RCE Vulnerability

ronjor Global Moderator

guest Guest

ronjor Global Moderator

Useful Searches