CVE-2020-0796 remote code execution vulnerability in SMB Protocol 3.0

Yesterday a big new vulnerability in the SMB protocol stack was published. The security flaw, tracked as CVE-2020-0796, is not included with this month’s March 2020 Patch Tuesday updates, and is unclear when it will be patched.

The vulnerability is due to an error when the vulnerable software handles a maliciously crafted compressed data packet.

The information about the vulnerability was published to different threat centers including Talos (but was then removed from the webiste) but is still publicly available on FortiGuard

https://fortiguard.com/encyclopedia/ips/48773 apparently this only applies to the lastest OS and the newest SMB protocol stack.3.1.1 (SMBv3). The issue is how the protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target SMB Server or SMB Client.

Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows Server, version 1903 (Server Core installation)
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows Server, version 1909 (Server Core installation)

The initial guidance from Microsoft is to disable SMB Compression https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200005 and block TCP port 445 on firewalls and client computers.

You May Also Like

About the Author: Marius Sandbu

Leave a Reply

Your email address will not be published. Required fields are marked *