Windows SMB protocol hit again by a new critical vulnerability - SMBleed


Hello everyone,  


A mere three months after patching a wormable SMBv3 vulnerability dubbed SMBGhost (CVE-2020-0796), cybersecurity researchers have identified another similar vulnerability in the Windows SMB protocol. This vulnerability is called SMBleed (CVE-2020-1206) and has a severity rating of 10.


What is SMBleed?

SMBleed is a new critical wormable vulnerability found in the Windows Server Message Block (SMB) protocol. This vulnerability allows attackers to leak kernel memory remotely. SMBleed, combined with SMBGhost (discovered and patched in March 2020), could allow attackers to execute code remotely. To exploit this vulnerability, Microsoft says that the threat actors would need to configure a malicious SMBv3 server and convince the user to connect to it.


Windows versions impacted

This vulnerability impacts Windows 10 versions 1903 and 1909. Microsoft has released patches to address it in this month's Patch Tuesday updates.


Patches released along with June Patch Tuesday updates

To patch this vulnerability using Patch Manager Plus, initiate a sync between the Patch Database and the Patch Manager Plus server. Then search for the following Patch IDs and install them, or install the respective cumulative updates:


| Windows version | Patch ID | KB number |
|---|---|---|
| Windows 10 Version 1909 for x64-based Systems | 29067 | KB4560960 |
| Windows 10 Version 1909 for x86-based Systems | 29070 | KB4560960 |
| Windows 10 Version 1903 for x64-based Systems | 29071 | KB4560960 |
| Windows 10 Version 1903 for x86-based Systems | 29069 | KB4560960 |
| Windows 10 Version 2004 for x64-based Systems | 29079 | KB4557957 |
| Windows 10 Version 2004 for x86-based Systems | 29081 | KB4557957 |


If you are not in a position to apply these patches, it's advised to block port 445 to prevent lateral movement and remote exploitation.


Cheers, 

The ManageEngine team 
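
To verify a single host against the table and the port 445 fallback above, the following PowerShell audit is an added example, not part of the original post or of Patch Manager Plus. The function name `Test-SmbleedPatch`, the use of the `ReleaseId` registry value to identify the Windows 10 version, and the choice to look only at inbound block rules are assumptions of this sketch; the KB numbers come from the table.

```powershell
# Added example: audit one Windows 10 host for the SMBleed patch or the port 445 mitigation.
# KB numbers are taken from the table in the post; all other names are assumptions.
$kbByRelease = @{
    '1903' = 'KB4560960'
    '1909' = 'KB4560960'
    '2004' = 'KB4557957'
}

function Test-SmbleedPatch {
    # ReleaseId holds the Windows 10 version string (for example 1909).
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $release = [string]$cv.ReleaseId
    $expectedKb = $kbByRelease[$release]   # $null for versions not in the table

    # Get-HotFix writes a non-terminating error when the KB is absent; treat that as "not listed".
    $kbInstalled = $false
    if ($expectedKb) {
        $kbInstalled = [bool](Get-HotFix -Id $expectedKb -ErrorAction SilentlyContinue)
    }

    # Fallback mitigation: an enabled inbound block rule that names TCP port 445 explicitly.
    # Rules that cover 445 only through a port range are not detected by this simple match.
    $blockRules = Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True -ErrorAction SilentlyContinue |
        Where-Object {
            $filter = $_ | Get-NetFirewallPortFilter
            $filter.Protocol -eq 'TCP' -and ($filter.LocalPort -contains '445')
        }

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        ReleaseId      = $release
        ExpectedKB     = $expectedKb
        KBInstalled    = $kbInstalled
        Port445Blocked = [bool]$blockRules
    }
}

Test-SmbleedPatch | Format-List
```

`KBInstalled = False` only means that this specific KB is not listed on the host; a later cumulative update also carries the fix, so confirm against the installed update history before treating the machine as unpatched.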


