Author Topic: KB4551762 Released to Address CVE-2020-0796  (Read 301 times)

0 Members and 1 Guest are viewing this topic.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19971
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
KB4551762 Released to Address CVE-2020-0796
« on: March 12, 2020, 10:26:33 PM »
From CVE-2020-0796 | Windows SMBv3 Client/Server Remote Code Execution Vulnerability:

Quote
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client.

To exploit the vulnerability against a server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 server. To exploit the vulnerability against a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it.

The security update addresses the vulnerability by correcting how the SMBv3 protocol handles these specially crafted requests.

KB 4551762:  This update is for Windows 10 Versions 1903 and 1909.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.