Windows SMBv3 RCE Threat Intel Advisory

Summary

CloudSEK Threat Intelligence Advisory on Windows SMBv3 RCE, tracked as CVE-2020-0796, rated as critical with a CVSS score of 9.0.
A remote code execution vulnerability, tracked as CVE-2020-0796, exists in Microsoft’s implementation of SMBv3 protocol. SMB is the backbone protocol used for file sharing in the network. If file sharing is enabled on a computer, that means shares are accessed over the network via SMB. This vulnerability is in version 3.1.1 of the SMB protocol which is only present in 32-bit and 64-bit Windows 10 version 1903 and 1909 for desktops and servers. The vulnerability stems from improper handling of requests by the protocol implementation, which allows an attacker to execute code on the target server or client.[/vc_wp_text][vc_wp_text]

Impact Analysis 

 
Technical 
  • SMB attacks are very critical as such offensives let attackers gain access to the target computer.
  • Lateral movement and pivoting can then be used to further the attack deep into internal networks of the organization.
  • Can lead to Domain takeover, compromising all of the users of a specific domain. 
  • Various exploit kits in the wild have been reported  using SMB related zero day vulnerabilities in the past to carry out various ransomware/ data breach campaigns.
Business
  • Companies can fall victim to ransomware and data breach.
  • Loss of reputation, goodwill and revenue.
  • Battling lawsuits from clients in the face of a cyber security breach.
  • Liable to pay hefty fines from compliance bodies.

Mitigation

Vendor specific patch installation is mandatory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796

Table of Contents

Request an easy and customized demo for free