Windows 10 Vulnerability: SMBleed

CWRU ISO Risk Report

Windows 10: SMBleed Vulnerability

What is happening on the ground:

  • In June 2020, a bug in the compression mechanism of SMBv3.1.1 was discovered
  • The bug has been dubbed SMBleed (CVE-2020-1206) and has been called a sibling of SMBGhost (CVE-2020-0796), which was patched in March
  • This only impacts Windows devices with SMBv3
    • Windows 10 versions 1903, 1909, and 2004, as well as Server Core installations of Windows Server versions 1903, 1909, and 2004

Why does this concern us:

  • Exploitation of SMBleed may allow for remote leaks of kernel memory on affected systems
  • This may lead to unauthenticated remote code execution

What would we ask to be done about it:

  • Update to the latest version of Windows 10
  • For Windows 10 devices that cannot update, block port 445 to mitigate
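One way to check a single host against the affected versions and apply the port 445 mitigation is sketched below; this is an added example, not part of the original report. It assumes Windows Defender Firewall is the host firewall, maps versions 1903, 1909 and 2004 to their public build numbers, and uses a rule name and an `-Apply` switch that are hypothetical.

```powershell
# Added example: report whether this host runs an affected Windows version and
# whether inbound TCP 445 is blocked; with -Apply, create the block rule.
# It does not judge patch level: the UBR (update revision) is printed so it can
# be compared with the revision of the latest cumulative update.
param([switch]$Apply)

# Public build numbers for the versions listed in the report.
$affectedBuilds = @{ 18362 = '1903'; 18363 = '1909'; 19041 = '2004' }

$cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuildNumber
$isAffectedVersion = $affectedBuilds.ContainsKey($build)

# Look for an enabled inbound block rule that covers TCP 445.
$blockRules = Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True -ErrorAction SilentlyContinue
$has445Block = $false
foreach ($rule in $blockRules) {
    $filter = $rule | Get-NetFirewallPortFilter
    if ($filter.Protocol -eq 'TCP' -and $filter.LocalPort -contains '445') {
        $has445Block = $true
        break
    }
}

[pscustomobject]@{
    ComputerName      = $env:COMPUTERNAME
    Build             = "$build.$($cv.UBR)"
    Version           = if ($isAffectedVersion) { $affectedBuilds[$build] } else { 'not in affected list' }
    AffectedVersion   = $isAffectedVersion
    Inbound445Blocked = $has445Block
}

# Mitigation for hosts that cannot update. Block rules take precedence over
# allow rules, so this also stops the host from serving its own file shares.
if ($isAffectedVersion -and -not $has445Block) {
    if ($Apply) {
        New-NetFirewallRule -DisplayName 'Block inbound SMB TCP 445 (SMBleed mitigation)' `
            -Direction Inbound -Protocol TCP -LocalPort 445 -Action Block | Out-Null
        Write-Output 'Inbound TCP 445 block rule created.'
    } else {
        Write-Output 'Affected version without a 445 block rule; re-run with -Apply to add one.'
    }
}
```

Run it from an elevated PowerShell session; remove the rule once the host has been updated if it needs to serve file shares again.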

Supporting Data:


Version: 1.0
Steven Hergert | 06/10/2020