2020 March 11, we detected safety rules Fortiguard announcement. This notice describes the Microsoft SMBv3 agreement number CVE-2020-0796 Memory Corruption Vulnerability, and pointed out that the vulnerability does not require authorization verification can be used remotely, it is possible to form a worm-level vulnerabilities.
This means trying to use Microsoft SMB server buffer overflow vulnerability to attack.
The vulnerability is due to the vulnerable software processing error that occurs when a maliciously crafted compressed data packets caused. Remote unauthenticated attacker could exploit this vulnerability to execute arbitrary code in the context of the application.
Affected versions
- For 32-bit systems Windows 10 version 1903
- Windows version 101 903 (for x64-based systems)
- Windows version 101 903 (for the ARM64-based systems)
- Windows Server 1903 (Server Core installation)
- For 32-bit systems Windows 10 version 1909
- Windows 10 version 1909 (for x64-based systems)
- Windows version 101 909 (for the ARM64-based systems)
- Version of Windows Server 1909 (Server Core installation)
Because Microsoft has not been described as a number of vulnerabilities CVE-2020-0796, thus temporarily uncertain whether this vulnerability. We recommend that users pay close attention to the development of the vulnerability of the event.
Microsoft released the announcement :
Microsoft way of handling certain requests by the Microsoft Server Message Block 3.1.1 (SMBv3) protocol to realize a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could execute code on the target SMB server or SMB clients.
To take advantage of loopholes for the SMB server, unauthenticated attacker can send specially crafted packets to the target SMBv3 server. To use for SMB client vulnerability, an attacker unauthenticated malicious SMBv3 will need to configure the server, and convincing the user to connect to the server.