TheWindowsClub News

TheWindowsClub Tech News covers the latest Microsoft Windows 10 news, along with other products & services like Office, etc.

New SMBleed vulnerability can compromise Windows SMB Protocol

A new critical vulnerability dubbed as SMBleed has recently been discovered which allows hackers to access the kernel memory. It could also lead to the remote code execution attacks when combined with “wormable bug”, a previously disclosed bug. Microsoft addressed the vulnerability on June 2020 Patch Tuesday and has also released the patches, the unpatched systems are still vulnerable though.

SMBleed

Microsoft has patched the SMBleed vulnerability

“Although Microsoft disclosed and provided updates for this vulnerability in March 2020, malicious cyber actors are targeting unpatched systems with the new PoC, according to recent open-source reports,” CISA said.

SMBleed is a critical remote code execution bug in the SMB (Server Message Block) v1 protocol that reportedly impacts the latest versions of Windows like Windows 10 and Windows Server, versions 1903, 1909, and 2004.

Windows PC uses SMB to send files and share resources across the networks. It has been pretty vulnerable over the past few years and been used by the attackers for various intrusions and ransomware attacks.

SMBGhost(CVE-2020-0796) reportedly earlier this year is also a remote code execution vulnerability that resides with version 3.1.1 of the Microsoft Server Message Block (SMB) protocol and attacks Windows 10 and Windows Server 2019.

Microsoft advisory says, “To exploit the vulnerability against a server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 server. To exploit the vulnerability against a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it”.

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned Windows 10 users to update their machines to mitigate this bug. The latest security update corrects how the SMBv3 protocol handles these specially crafted requests and helps to mitigate the vulnerability. If the patch is not applicable to your system, it is recommended to block port 445 to prevent remote exploitation.

Do check the advisory released by Microsoft to know more about the vulnerability and the patches.

Published on Tags:

ShiwangiPeswani@TWC

Shiwangi Peswani is a qualified writer and a blogger, who loves to dabble with and write about computers and the Internet. While focusing on and writing on technology topics, her varied skills and experience enables her to write on any topics which may interest her.

Share via
Facebook
X (Twitter)
LinkedIn
Mix
Pinterest
Tumblr
Skype
Buffer
Pocket
VKontakte
Parler
Xing
Reddit
Line
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
MeWe
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap