Microsoft SMBv3 Remote Code Execution Vulnerability
Last Update Date:
10 Jun 2020
Release Date:
11 Mar 2020
5856
Views
RISK: High Risk
TYPE: Operating Systems - Windows OS
A vulnerability was identified in Microsoft SMBv3, a remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.
[Updated 13-Mar-2020]: Microsoft has released the patch for CVE-2020-0796. The risk level was updated to Medium Risk.
[Updated 10-Jun-2020]: Proof Of Concept Exploit Code Is Publicly Available on June 5, 2020. Also, updated the "Related Links" Section. The risk level was updated to high Risk.
Impact
- Remote Code Execution
System / Technologies affected
- SMBv3
Solutions
[Updated 13-Mar-2020]: Microsoft has released the patch for CVE-2020-0796.
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796
Vulnerability Identifier
Source
Related Link
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200005
- https://kb.cert.org/vuls/id/872016/
- https://www.us-cert.gov/ncas/current-activity/2020/06/05/unpatched-microsoft-systems-vulnerable-cve-2020-0796
- https://support.microsoft.com/en-us/help/3185535/preventing-smb-traffic-from-lateral-connections
Share with