Windows 10 Vulnerability: SMBleed

SMBleed Vulnerability on Windows 10
blog.zecops.com

CWRU ISO Risk Report

Windows 10: SMBleed Vulnerability

What is happening on the ground:

  • In June 2020, a bug in the compression mechanism of SMBv3.1.1 was discovered
  • Dubbed SMBleed (CVE-2020-1206); this has been called a sibling of SMBGhost (CVE-2020-0796) which was patched in March
  • This only impacts Windows devices with SMBv3
    • Windows 10 versions 1903, 1909, and 2004, as well as Server Core installations of Windows Server versions 1903, 1909, and 2004

Why does this concern us:

  • Exploitation of SMBleed may allow for remote leaks of kernel memory on affected systems
  • This may lead to unauthenticated remote code execution

What would we ask to be done about it:

  • Update to the latest version of Windows 10
  • For Windows 10 devices that cannot update, block port 445 to mitigate

Supporting Data:

  • https://blog.zecops.com/vulnerabilities/smbleedingghost-writeup-chaining-smbleed-cve-2020-1206-with-smbghost
  • https://thehackernews.com/2020/06/SMBleed-smb-vulnerability.html
  • https://www.bleepingcomputer.com/news/security/new-windows-10-smbv3-flaw-can-be-used-for-data-theft-rce-attacks

Version: 1.0
Steven Hergert | 06/10/2020