Critical weakness found in Windows SMB protocol!

Critical weakness found in Windows SMB protocol!

  • Home
  • Blog
  • Critical weakness found in Windows SMB protocol!

Critical weakness found in Windows SMB protocol!

zemarkhos-blog-critical-weakness-found-in-windows-smb-protocol

A critical vulnerability affecting the SMBv3 protocol was discovered by security researchers. Dubbed “SMBleed” (CVE-2020-1206) by cybersecurity firm ZecOps, this weakness stems from SMB's decompression function. Exploiting the vulnerability, an attacker can gain remote access to the target system's core memory.

The zecops researchers noted that the weakness was due to the way the function called Srv2DecompressData handles specially crafted message requests sent to the SMBv3 server. Thus, an unidentified attacker can take advantage of the vulnerability to read kernel memory and make changes to the compression function. In addition, the researchers noted that SMBleed vulnerability could be used for remote command execution purposes on un-patched Windows 10 systems, combined with smbghost vulnerability. Microsoft stated that an attacker could exploit the vulnerability of smbleed against target clients if they configured a malicious SMBv3 server and convinced users to connect to it.

Oct June Tuesday, Microsoft released the patch for the 1903 and 1909 versions of Windows 10, along with the updates. Security updates should be made as soon as possible to avoid vulnerability. For operating systems that do not have an update, it is recommended that port 445 be blocked for remote exploits.

Microsoft Releases June 2020 Security Updates
Microsoft has released security updates for 129 vulnerabilities affecting Windows operating systems and various versions of related products. 11 of these weaknesses are critically important, allowing an attacker to execute remote commands on the target system. The remaining 118 weaknesses are significant weaknesses. Many of these weaknesses allow an attacker to raise rights and authority over the target system and carry out spoofing attacks on the target system.

One of the major weaknesses fixed with the update is the smbleed vulnerability coded CVE-2020-1206. This vulnerability affects the SMBv3 protocol, allowing a vulnerable attacker to access the core memory of the target system. This vulnerability can be used in conjunction with the CVE-2020-0796 coded smbghost vulnerability described 3 months ago, which allows remote command execution on the target system.

The CVE-2020-1213, CVE-2020-1216, and CVE-2020-1260 coded vulnerabilities affecting the VBScript Engine are caused by an error in the way objects in memory are processed. These vulnerabilities allow an attacker to execute random code over a valid user.

CVE-2020-1299 security vulnerability, one of 11 critical weaknesses, allows an attacker to remotely execute commands on the target system. This vulnerability is caused by an error in the way Windows handles shortcut files.

In addition, updates released this month included an update for security vulnerability coded CVE-2020-9633, which affects Adobe Flash Player for Windows systems and allows an attacker to execute commands remotely.

Security updates must be made as soon as possible to avoid being affected by attacks.