[Reprint] Update: Patch released | Microsoft Windows SMBv3.0 Service Remote Code Execution Vulnerability (CVE-2020-0796) Notice

https://www.freebuf.com/articles/system/230288.html

Just patched today..

 

2020-03-13 | System security

Document information

Number: QiAnXinTI-SV-2020-0008
Keywords: SMB, CVE-2020-0796
Release date: March 11, 2020
Updated: March 12, 2020
TLP: WHITE
Analysis team: QiAnXin Threat Intelligence Center

Background

On March 11, 2020, a foreign security company published a review of Microsoft's recent security patches. It mentioned an SMB service remote code execution vulnerability (CVE-2020-0796) rated Critical. An attacker could exploit this vulnerability remotely, without user authentication, by sending a specially crafted data structure that causes malicious code to execute on the target system, gaining full control of the machine. The vulnerability mainly affects devices that support SMBv3.0, and in theory it could be used by a worm.

Because information about the vulnerability has spread, there are signs that hacker groups are actively studying its details and attempting to exploit it, which poses a potential security threat. The QiAnXin Threat Intelligence Center's Red Raindrop team has confirmed that the vulnerability exists. On March 12, 2020, Microsoft released the corresponding security patch. Users are strongly advised to install the patch immediately to avoid the risk posed by this vulnerability.

Vulnerability Summary

Vulnerability name: Microsoft Windows SMBv3.0 Service Remote Code Execution Vulnerability
Vulnerability ID: CVE-2020-0796
Threat type: Remote Code Execution
Threat level: Serious
Exploitation scenario: An attacker can trigger the vulnerability by sending a specially crafted packet; no user authentication is required, and exploitation could lead to control of the target system.
Affected systems and application versions:
 Windows 10 Version 1903 for 32-bit Systems
 Windows 10 Version 1903 for ARM64-based Systems
 Windows 10 Version 1903 for x64-based Systems
 Windows 10 Version 1909 for 32-bit Systems
 Windows 10 Version 1909 for ARM64-based Systems
 Windows 10 Version 1909 for x64-based Systems
 Windows Server, version 1903 (Server Core installation)
 Windows Server, version 1909 (Server Core installation)

Vulnerability Description

The vulnerability exists in Windows SMBv3.0 (file sharing and print services). Technical details are being withheld from publication for now. Exploiting the vulnerability requires no user authentication: a crafted malicious request can trigger arbitrary code execution, leaving the system under unauthorized control.

Impact Assessment

This vulnerability mainly affects the SMBv3.0 protocol. Devices that currently support the protocol include Windows 8, Windows 8.1, Windows 10, Windows Server 2012 and Windows Server 2016, but judging from Microsoft's announcement, the systems mainly affected are Windows 10. Given the number of such devices, the potential threat is considerable.

Remediation Advice

Fix

1. Microsoft has released a security patch for this vulnerability. See the following link:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796

2. If you are temporarily unable to install the patch, Microsoft currently recommends the following interim workaround:

Execute the following command:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force

This disables SMB 3.0 compression. Whether to apply it should be decided in light of your own business needs.
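One way to check whether the interim workaround above is in place on a host, and to apply it when it is not. This is an added example, not part of the original advisory or Microsoft's guidance; the function name `Test-Smb3CompressionWorkaround` and its output fields are hypothetical, and it assumes the `ReleaseId` registry value reports the Windows version (for example 1903 or 1909).

```powershell
# Added example: audit (and optionally apply) the DisableCompression workaround.
# Function name and output fields are hypothetical. Applying requires an elevated prompt.
function Test-Smb3CompressionWorkaround {
    [CmdletBinding()]
    param([switch]$Apply)

    # LanmanServer is the SMB server service, so this setting concerns the server side.
    $smbKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $verKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

    # Affected releases as listed in the advisory above.
    $affectedReleases = @('1903', '1909')

    # Assumption: ReleaseId holds the version string on the releases in question.
    $releaseId = (Get-ItemProperty -Path $verKey -Name ReleaseId `
                    -ErrorAction SilentlyContinue).ReleaseId

    if ($Apply) {
        # Same command as in the advisory, with the property name given explicitly.
        Set-ItemProperty -Path $smbKey -Name DisableCompression `
            -Type DWORD -Value 1 -Force
    }

    # A missing value ($null) means the workaround has never been applied.
    $current = (Get-ItemProperty -Path $smbKey -Name DisableCompression `
                  -ErrorAction SilentlyContinue).DisableCompression

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        ReleaseId          = $releaseId
        InAffectedList     = $affectedReleases -contains $releaseId
        DisableCompression = $current
        WorkaroundApplied  = ($current -eq 1)
    }
}

# Report only:
Test-Smb3CompressionWorkaround

# Apply the workaround, then report the resulting state:
# Test-Smb3CompressionWorkaround -Apply
```

A host that shows `InAffectedList` as True and `WorkaroundApplied` as False still needs either the patch or the workaround.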

Timeline

March 11, 2020: QiAnXin published an initial report on the vulnerability, for which no patch was available
March 12, 2020: QiAnXin released updated information following the release of the patch for the vulnerability

* Author: QiAnXin Threat Intelligence Center. When reprinting, please credit FreeBuf.COM

Origin www.cnblogs.com/jinanxiaolaohu/p/12492568.html