Windows SMBv3 RCE Threat Intel Advisory

CloudSEK Threat Intelligence Advisory on Windows SMBv3 RCE, tracked as CVE-2020-0796, rated as critical with a CVSS score of 9.0.
Updated on
April 19, 2023
Published on
October 5, 2020
Read MINUTES
5
Subscribe to the latest industry news, threats and resources.
A remote code execution vulnerability, tracked as CVE-2020-0796, exists in Microsoft’s implementation of SMBv3 [Server Message Block] protocol. SMB is the backbone protocol used for file sharing in the network. If file sharing is enabled on a computer, that means shares are accessed over the network via SMB. This vulnerability is in version 3.1.1 of the SMB protocol which is only present in 32-bit and 64-bit Windows 10 version 1903 and 1909 for desktops and servers. The vulnerability stems from improper handling of requests by the protocol implementation, which allows an attacker to execute code on the target server or client.[/vc_wp_text][vc_wp_text]

Impact Analysis 

 
Technical 
  • SMB attacks are very critical as such offensives let attackers gain access to the target computer.
  • Lateral movement and pivoting can then be used to further the attack deep into internal networks of the organization.
  • Can lead to Domain takeover, compromising all of the users of a specific domain. 
  • Various exploit kits in the wild have been reported  using SMB related zero day vulnerabilities in the past to carry out various ransomware/ data breach campaigns.
Business
  • Companies can fall victim to ransomware and data breach.
  • Loss of reputation, goodwill and revenue.
  • Battling lawsuits from clients in the face of a cyber security breach.
  • Liable to pay hefty fines from compliance bodies.

Mitigation

Vendor specific patch installation is mandatory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796

Get Global Threat Intelligence on Real Time

Protect your business from cyber threats with real-time global threat intelligence data.. 30-day free and No Commitment Trial.
Schedule a Demo
Real time Threat Intelligence Data
More information and context about Underground Chatter
On-Demand Research Services
Dashboard mockup
Global Threat Intelligence Feed

Protect and proceed with Actionable Intelligence

The Global Cyber Threat Intelligence Feed is an innovative platform that gathers information from various sources to help businesses and organizations stay ahead of potential cyber-attacks. This feed provides real-time updates on cyber threats, including malware, phishing scams, and other forms of cybercrime.
Trusted by 400+ Top organisations