Hello everyone,
A mere three months after patching a wormable SMBv3 vulnerability dubbed SMBGhost (CVE-2020-0796), cybersecurity researchers have identified another similar vulnerability in Windows SMB protocol. This vulnerability is called SMBleed (CVE-2020-1206) and has a severity rating score of 10.
SMBleed is a new critical wormable vulnerability found in the Windows Server Message Block (SMB) protocol. This vulnerability allows attackers to leak kernel memory remotely. SMBleed combined with SMGhost (discovered and patched in March 2020), could allow attackers to execute remote code attacks. To exploit this vulnerability, Microsoft says that the threat actors would need to configure a malicious SMBv3 server and convince the user to connect to it.
This vulnerability impacts Windows 10 versions 1903 and 1909. Microsoft has released patches to address the same in this month's Patch Tuesday updates.
To patch this vulnerability using Patch Manager Plus, initiate a sync between the Patch Database and Patch Manager Plus server. Search for the following Patch IDs and install them or install the respective cumulative updates
Windows version | Patch ID | KB number |
Windows 10 Version 1909 for x64-based Systems | 29067 | KB4560960 |
Windows 10 Version 1909 for x86-based Systems | 29070 | KB4560960 |
Windows 10 Version 1903 for x64-based Systems | 29071 | KB4560960 |
Windows 10 Version 1903 for x86-based Systems | 29069 | KB4560960 |
Windows 10 Version 2004 for x64-based Systems | 29079 | KB4557957 |
Windows 10 Version 2004 for x86-based Systems | 29081 | KB4557957 |
The ManageEngine team