Vulnerability description: CVE-2020-0796 is the SMBv3 remote code execution vulnerability. A local privilege escalation exploit (exp) that elevates to the SYSTEM user has now appeared for it.
Local privilege escalation exp download: https://github.com/danigargu/CVE-2020-0796 (EXE version)
https://github.com/ZecOps/CVE-2020-0796-LPE-POC (Py version)
Root cause
The vulnerability is in srv2.sys. SMB does not correctly handle compressed data packets: when decompressing a packet it uses the length passed by the client and does not check whether that length is valid, which ultimately leads to an integer overflow.
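A simplified C model of the flaw described above, added here as an example and not taken from srv2.sys or from either linked PoC; the struct, field and function names are hypothetical. It shows how adding two client-supplied 32-bit lengths can wrap to a small buffer size, next to a version that validates the lengths before using them.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a compressed-message header: both fields are
 * client-controlled 32-bit lengths (names are hypothetical). */
struct comp_hdr {
    uint32_t original_size; /* claimed size of the data after decompression */
    uint32_t offset;        /* bytes of uncompressed data that precede it */
};

/* Unchecked pattern: the sum is computed in 32 bits and can wrap, so the
 * result may be far smaller than either input. */
uint32_t alloc_size_unchecked(const struct comp_hdr *h)
{
    return h->original_size + h->offset;
}

/* Checked pattern: reject the header when the sum would not fit in 32 bits
 * or exceeds the receiver's own limit. Returns 0 on success, -1 on reject. */
int alloc_size_checked(const struct comp_hdr *h, uint32_t max_msg, uint32_t *out)
{
    if (h->offset > UINT32_MAX - h->original_size)
        return -1;                      /* addition would wrap */
    uint32_t total = h->original_size + h->offset;
    if (total == 0 || total > max_msg)
        return -1;                      /* empty or larger than policy allows */
    *out = total;
    return 0;
}

int main(void)
{
    /* Constructed header values. */
    struct comp_hdr bad = { 0xFFFFFFFFu, 0x10u };
    struct comp_hdr ok  = { 4096u, 16u };
    uint32_t n = 0;

    printf("unchecked: %u bytes sized for a claimed %u-byte payload\n",
           (unsigned)alloc_size_unchecked(&bad), (unsigned)bad.original_size);
    printf("checked(bad) = %d\n", alloc_size_checked(&bad, 8u << 20, &n));
    int rc = alloc_size_checked(&ok, 8u << 20, &n);
    printf("checked(ok)  = %d, size %u\n", rc, (unsigned)n);
    return 0;
}
```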
Remediation
1] Settings - Update & Security - Windows Update - Check for updates
or download and install the corresponding patch (KB4551762) directly:
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4551762
2] In regedit, under HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters, create a DWORD value named DisableCompression and set it to 1. This disables SMB compression.
Or with PowerShell:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force
3] Close port 445.