Jump to content

Recommended Posts

Posted

From CVE-2020-0796 | Windows SMBv3 Client/Server Remote Code Execution Vulnerability:
 

Quote
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client.

To exploit the vulnerability against a server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 server. To exploit the vulnerability against a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it.

The security update addresses the vulnerability by correcting how the SMBv3 protocol handles these specially crafted requests.
 


KB 4551762:  This update is for Windows 10 Versions 1903 and 1909.

  • Like 1
  • Thanks 1
  • +1 1
securitybreach
Posted

I seen that one yesterday. While it is a nasty exploit, at least Microsoft decided to fix it right away.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...