Windows SMBv3 RCE Threat Intel Advisory

Published on October 5, 2020 | 18:30 PM IST

Share this Advisory:

A remote code execution vulnerability, tracked as CVE-2020-0796, exists in Microsoft’s implementation of SMBv3 [Server Message Block] protocol. SMB is the backbone protocol used for file sharing in the network. If file sharing is enabled on a computer, that means shares are accessed over the network via SMB.

This vulnerability is in version 3.1.1 of the SMB protocol which is only present in 32-bit and 64-bit Windows 10 version 1903 and 1909 for desktops and servers. The vulnerability stems from improper handling of requests by the protocol implementation, which allows an attacker to execute code on the target server or client.

Impact Analysis 

 

Technical 
  • SMB attacks are very critical as such offensives let attackers gain access to the target computer.
  • Lateral movement and pivoting can then be used to further the attack deep into internal networks of the organization.
  • Can lead to Domain takeover, compromising all of the users of a specific domain. 
  • Various exploit kits in the wild have been reported  using SMB related zero day vulnerabilities in the past to carry out various ransomware/ data breach campaigns.
Business
  • Companies can fall victim to ransomware and data breach.
  • Loss of reputation, goodwill and revenue.
  • Battling lawsuits from clients in the face of a cyber security breach.
  • Liable to pay hefty fines from compliance bodies.

Mitigation

Vendor specific patch installation is mandatory:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796

Be informed about threats in your Inbox

Sign up now to our Threat intelligence Newsletter and be the first to know about threats first in your inbox.