AttackerKB AKB:E2B9F961-5F1F-496F-97F1-1CF8968AE023
History: Jun 09, 2020 - 12:00 a.m.

CVE-2020-1301 Windows SMB Remote Code Execution Vulnerability


CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 6.5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests, aka ‘Windows SMB Remote Code Execution Vulnerability’.

Recent assessments:

gwillcox-r7 at June 10, 2020 12:14am UTC reported:

To add to @busterb’s assessment, another thing to consider is that SMBv1, which this vulnerability relies on, is disabled by default on Windows 10 (Build 1803) according to <https://www.petenetlive.com/KB/Article/0001461>. This is further confirmed on Microsoft’s official website at <https://docs.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/smbv1-not-installed-by-default-in-windows> where they state that SMBv1 is not installed by default on Windows 10 version 1709 and later and Windows Server version 1709 and later.

Considering the push from Microsoft to force Windows 10 users to automatically upgrade, and the fact that according to <https://gs.statcounter.com/os-version-market-share/windows/desktop/worldwide>, 72.96% of Windows users are running Windows 10, the chances are that unless you’re in an environment where you need to support older software, SMBv1 is most likely going to be disabled.

Exploitability will most likely be difficult given the past history of SMB vulnerabilities, but may be easier on older versions of Windows such as Windows 7 that have not introduced the modern mitigations that Windows 10 has, particularly in the area of heap randomization.

busterb at June 09, 2020 7:23pm UTC reported:


Assessed Attacker Value: 3
Assessed Attacker Value: 2
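
A host-side check for the precondition discussed in the assessments above (whether the SMBv1 server component is installed and enabled), as an added example that is not part of the AttackerKB entry or of either assessor's post. The function name Get-Smb1ServerStatus is hypothetical; the cmdlets and the SMB1 registry value are the standard Windows ones, and an elevated session is assumed.

```powershell
# Added example: audit the SMBv1 server state on the local host.
# Assumes an elevated PowerShell session on Windows 8 / Server 2012 or later.
function Get-Smb1ServerStatus {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # 1. Live SMB server setting (SmbShare module).
    try {
        $cfg = (Get-SmbServerConfiguration -ErrorAction Stop).EnableSMB1Protocol
    } catch { $cfg = 'unknown' }

    # 2. Optional-feature state; 'unknown' if the feature name is not
    #    offered on this SKU or the session is not elevated.
    try {
        $feature = (Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
                    -ErrorAction Stop).State.ToString()
    } catch { $feature = 'unknown' }

    # 3. Registry override; an absent value means the OS default applies.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $reg = Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue
    $regValue = if ($null -ne $reg) { $reg.SMB1 } else { 'not set' }

    # Verdict is driven by the live server setting; the other two fields
    # explain why it has that value and whether it can be re-enabled easily.
    $verdict = if ($cfg -eq $true) { 'SMBv1 server ENABLED' }
               elseif ($cfg -eq $false) { 'SMBv1 server disabled' }
               else { 'undetermined' }

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        OSVersion          = $os.Version
        OSBuild            = $os.BuildNumber
        EnableSMB1Protocol = $cfg
        SMB1FeatureState   = $feature
        RegistrySMB1       = $regValue
        Verdict            = $verdict
    }
}

Get-Smb1ServerStatus | Format-List

# Where the verdict is ENABLED and nothing depends on SMBv1:
#   Set-SmbServerConfiguration -EnableSMB1Protocol $false
#   Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
```

Hosts that report the SMBv1 server as enabled are the ones to prioritise for the June 2020 update or for removal of the protocol.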
