CWRU ISO Risk Report
Windows 10: SMBleed Vulnerability
What is happening on the ground:
- In June 2020, a bug in the compression mechanism of SMBv3.1.1 was discovered
- Dubbed SMBleed (CVE-2020-1206), it has been called a sibling of SMBGhost (CVE-2020-0796), which was patched in March
- This only impacts Windows devices with SMBv3
- Affected versions: Windows 10 versions 1903, 1909, and 2004, as well as Server Core installations of Windows Server versions 1903, 1909, and 2004
Why does this concern us:
- Exploitation of SMBleed may allow for remote leaks of kernel memory on affected systems
- This may lead to unauthenticated remote code execution
What would we ask to be done about it:
- Update to the latest version of Windows 10
- For Windows 10 devices that cannot update, block port 445 to mitigate
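One way to apply the port 445 mitigation on a host that cannot update, using the built-in Windows firewall cmdlets (an added example, not part of the original report). The rule name is an assumption, and the release check assumes the `ReleaseId` registry value carries the release label.

```powershell
# Added example: block inbound SMB (TCP 445) on a host that is on an
# affected release and cannot be updated yet. Run from an elevated session.

# Releases the report lists as affected.
$affectedReleases = '1903', '1909', '2004'

# Assumed rule name; adjust to local naming policy.
$ruleName = 'Block inbound SMB 445 (CVE-2020-1206 mitigation)'

# ReleaseId holds the release label (for example 1909) on these builds.
$cv = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$release = $cv.ReleaseId

if ($affectedReleases -notcontains $release) {
    Write-Output "Release '$release' is not in the affected list; no rule added."
}
else {
    # Report whether the SMB server is currently listening on 445.
    $listening = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
    Write-Output ("Release {0}: TCP 445 listening = {1}" -f $release, [bool]$listening)

    # A block rule only takes effect on profiles where the firewall is enabled.
    $disabled = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }
    foreach ($p in $disabled) {
        Write-Warning "Firewall profile '$($p.Name)' is disabled; the rule will not apply there."
    }

    # Create the rule once; re-running the script does not duplicate it.
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $ruleName `
            -Direction Inbound -Protocol TCP -LocalPort 445 `
            -Action Block -Profile Any | Out-Null
    }

    # Show the resulting rule so the change can be recorded.
    Get-NetFirewallRule -DisplayName $ruleName |
        Select-Object DisplayName, Enabled, Direction, Action
}
```

The rule stops the host from serving SMB shares to other machines; its own outbound SMB client connections are not affected.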
Supporting Data:
- https://blog.zecops.com/vulnerabilities/smbleedingghost-writeup-chaining-smbleed-cve-2020-1206-with-smbghost
- https://thehackernews.com/2020/06/SMBleed-smb-vulnerability.html
- https://www.bleepingcomputer.com/news/security/new-windows-10-smbv3-flaw-can-be-used-for-data-theft-rce-attacks
Version: 1.0
Steven Hergert | 06/10/2020