myhack58 | Anonymous | MYHACK58:62202097543
Mar 14, 2020 - 12:00 a.m.

Qi An Xin issues warning on high-risk Microsoft vulnerability, with Win10 as the main affected target - Vulnerability Warning - myhack58

2020-03-14 00:00:00
Anonymous
www.myhack58.com

CVSS3: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Recently, the Qi An Xin Threat Intelligence Center released an announcement on a remote code execution vulnerability in the Microsoft Windows SMBv3 service. The announcement notes that on March 11 a foreign company published a summary of the vulnerabilities covered by Microsoft's recent security patches, which includes a remote code execution vulnerability in the SMB service with a threat level marked Critical. The vulnerability is numbered CVE-2020-0796 and exists in the Windows SMBv3 file sharing and print services.
According to that company's description, an attacker can exploit this vulnerability by remotely sending specially crafted malicious data and, without user authentication, execute malicious code on the target system, thereby gaining full control of the machine. The RedDrip team of the Qi An Xin Threat Intelligence Center warns that the vulnerability can be used to reliably crash the system. Because information about the vulnerability's existence has already spread, and there are signs that hacker groups are actively researching its details and attempting to use it, it constitutes a potential security threat.
Systems that support this protocol include Windows 8, Windows 8.1, Windows 10, Windows Server 2012, and Windows Server 2016, but judging from Microsoft's announcement the affected targets are mainly Win10 systems. It is worth noting that, according to the latest data from market research firm NetMarketShare, Win10 currently accounts for 57.39% of the market, and with Windows 7 officially ending service this share will continue to grow. Considering the number of devices involved, the potential threat from this vulnerability is therefore large, and widespread exploitation is possible, as in the EternalBlue incident.
The basic details of the vulnerability are as follows:
![](/Article/UploadPic/2020-3/2020314211318678.png)
Microsoft has now released the corresponding security patch, and Qi An Xin strongly recommends that users install it immediately to protect against the risk posed by this vulnerability. The patch is available at the following link:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796
If it is temporarily inconvenient to install the patch, Microsoft recommends running the following command to disable the SMB 3.0 compression function:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force
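
The following script is an added example, not part of the original article or of Microsoft's advisory. It audits whether the DisableCompression workaround above is in place on the local host and sets it only on request; the `-Apply` switch and the function name are hypothetical names chosen for this example.

```powershell
# Added example: audit and, if requested, apply the SMBv3 compression
# workaround for CVE-2020-0796 on the local host.
# Run from an elevated PowerShell prompt.
param(
    # Hypothetical switch for this example: without it the script only reports.
    [switch]$Apply
)

$Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$Name = 'DisableCompression'

function Get-SmbCompressionWorkaround {
    # Returns $true only when the value exists and equals 1.
    $prop = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    return ($null -ne $prop -and $prop.$Name -eq 1)
}

if (Get-SmbCompressionWorkaround) {
    Write-Output "OK: $Name = 1, SMBv3 server compression is disabled."
}
elseif ($Apply) {
    # Same command as in the article, with the value name passed explicitly.
    Set-ItemProperty -Path $Path -Name $Name -Type DWORD -Value 1 -Force

    # Read the value back rather than trusting the write.
    if (Get-SmbCompressionWorkaround) {
        Write-Output "APPLIED: $Name set to 1."
    }
    else {
        Write-Error "FAILED: $Name could not be set; check that the prompt is elevated."
        exit 1
    }
}
else {
    Write-Output "MISSING: $Name is absent or not 1; workaround not in place. Re-run with -Apply."
    exit 2
}
```

The registry value only disables compression on the SMB server side of the host, so it does not replace installing the patch.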
