Shulou(Shulou.com)05/31 Report--
This notice covers the Microsoft Windows SMBv3.0 service remote code execution vulnerability. It summarizes the cause of the problem and the available workaround.
Document Information
Number: QiAnXinTI-SV-2020-0008
Keyword: SMB ADV200005
Release Date: March 11, 2020
Update Date: March 11, 2020
TLP: WHITE
Analysis Team: Qianxin Threat Intelligence Center

Notification Background
On March 11, 2020, a foreign security company published a summary of the vulnerabilities covered by Microsoft's recent security patches. It mentioned a remote code execution vulnerability in the SMB service, rated Critical (reportedly numbered CVE-2020-0796), which an attacker can exploit without user authentication by sending specially crafted data to remotely execute malicious code on the target system and gain full control of the machine. The vulnerability mainly affects devices that support SMBv3.0 and is, in theory, wormable. Microsoft has not yet published detailed information on the vulnerability itself, but has issued a notice about the SMBv3.0 vulnerability.
The Red Raindrop team at the Qianxin Threat Intelligence Center has confirmed that the vulnerability exists, and Microsoft is said to be preparing an out-of-band patch to fix it. Now that word of the vulnerability has spread, there are indications that hacker groups are actively studying its details in an attempt to exploit it, which poses a potential security threat. Until a fix is available, follow the temporary workaround recommended in this notice.
Vulnerability Summary
Vulnerability Name: Microsoft Windows SMBv3.0 Services Remote Code Execution Vulnerability
Threat Type: Remote Code Execution
Threat Level: Critical
Vulnerability ID: ADV200005
Exploitation Scenario: An attacker could trigger the vulnerability by sending a specially crafted packet that could lead to taking control of a targeted system without user authentication.
Affected Versions:
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows Server, version 1903 (Server Core installation)
Windows Server, version 1909 (Server Core installation)

Vulnerability Description
The vulnerability exists in Windows SMBv3.0 (the file and printer sharing service). Technical details are currently unknown. Exploitation does not require user authentication: a maliciously constructed request can trigger arbitrary code execution, leaving the system under unauthorized control.
Impact surface assessment
The vulnerability mainly affects the SMBv3.0 protocol. Devices that currently support the protocol include Windows 8, Windows 8.1, Windows 10, Windows Server 2012 and Windows Server 2016, but according to Microsoft's notice the affected targets are mainly Windows 10 systems. Given the number of such devices, the potential threat is considerable.
Disposal recommendations
Repair methods
1. No patch has been released yet. Microsoft currently recommends the following temporary workaround:
Run the following command in PowerShell:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force
This disables the compression feature of SMB 3.0. Whether to apply it should be decided in light of your own business requirements.
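A way to verify that the DisableCompression workaround above is in place on a host, as an added example that is not part of the original notice or of Microsoft's advisory. It assumes the ReleaseId value under the Windows NT\CurrentVersion registry key identifies the Windows version; the function name Get-SmbCompressionStatus is made up for this example.

```powershell
# Added example: audit the local host against the version list and the
# DisableCompression workaround described in this notice. Read-only.

$affectedReleases = @('1903', '1909')   # versions listed in this notice
$paramPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$osPath    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

function Get-SmbCompressionStatus {
    [CmdletBinding()]
    param(
        [string]$ParametersPath = $paramPath,
        [string]$OsVersionPath  = $osPath
    )

    # Assumption: ReleaseId holds '1903' / '1909' on the listed versions.
    # Older systems (e.g. Windows 8.1) have no ReleaseId, so it reads as $null.
    $os        = Get-ItemProperty -Path $OsVersionPath
    $releaseId = $os.ReleaseId
    $inList    = $affectedReleases -contains $releaseId

    # A missing value means the workaround was never applied.
    $params = Get-ItemProperty -Path $ParametersPath -ErrorAction SilentlyContinue
    $value  = $params.DisableCompression
    $applied = ($null -ne $value) -and ($value -eq 1)

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        ProductName        = $os.ProductName
        ReleaseId          = $releaseId
        InAffectedList     = $inList
        DisableCompression = if ($null -eq $value) { 'not set' } else { $value }
        WorkaroundApplied  = $applied
        # Flag only hosts on a listed version that still have compression enabled.
        NeedsAction        = $inList -and -not $applied
    }
}

$status = Get-SmbCompressionStatus
$status | Format-List
if ($status.NeedsAction) {
    Write-Warning 'Listed version with SMBv3 compression enabled: apply the workaround.'
}
```

Hosts reported with NeedsAction = True are the ones where the command from the notice still has to be run.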