Qi An Xin issues high-risk vulnerability warning for Microsoft: Win10 is the main affected target


Recently, the Qi An Xin Threat Intelligence Center released an announcement on a remote code execution vulnerability in the Microsoft Windows SMBv3 service. The announcement notes that on March 11 a foreign company published a summary of the vulnerabilities covered by Microsoft's recent security patches, which includes a remote code execution vulnerability in the SMB service with a threat level of Critical. The vulnerability number is CVE-2020-0796, and the vulnerability exists in the Windows SMBv3 file sharing and print services. According to the company's description, an attacker can exploit this vulnerability by remotely sending specially crafted malicious data and, without user authentication, execute malicious code on the target system, thereby gaining full control of the machine.

The Red Rain team of the Qi An Xin Threat Intelligence Center warns that exploiting this vulnerability can reliably crash the system. Because information about the vulnerability's existence has already spread, and there are indications that hacker groups are actively researching its details and trying to use it, it constitutes a potential security threat.

Systems that support the protocol include Windows 8, Windows 8.1, Windows 10, Windows Server 2012, and Windows Server 2016, but according to Microsoft's announcement the affected targets are mainly Win10 systems. It is worth noting that, according to the latest data from market research firm NetMarketShare, Win10 currently accounts for 57.39% of the market, and with Windows 7 officially out of service, this share will continue to grow. Therefore, considering the number of devices involved, the potential threat from this vulnerability is large, and widespread exploitation is possible, as in the EternalBlue incident.

The basic information about the vulnerability is as follows:

![](/Article/UploadPic/2020-3/2020314211318678.png)

Microsoft has now released the corresponding security patch, and Qi An Xin strongly recommends that users install it immediately to protect against the risk posed by this vulnerability. The patch is available at the following link:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796

If installing the patch is temporarily inconvenient, Microsoft recommends running the following command to disable the SMB 3.0 compression function:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force
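
To confirm whether the workaround is already in place on a host, and to apply it only where it is missing, the following PowerShell is an added example and not part of the original announcement or of Microsoft's advisory. The function names Get-SmbCompressionWorkaround and Set-SmbCompressionWorkaround are illustrative; the registry path and value are the ones in the command above.

```powershell
# Added example: audit (and optionally apply) the SMBv3 compression workaround.
# Function names are illustrative; the registry path and value name come from
# the command quoted in the article.
$SmbParamsPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-SmbCompressionWorkaround {
    # Read DisableCompression; an absent value yields $null rather than an error.
    $item  = Get-ItemProperty -Path $SmbParamsPath -Name DisableCompression -ErrorAction SilentlyContinue
    $value = if ($null -ne $item) { $item.DisableCompression } else { $null }
    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        DisableCompression = $value           # $null means the value is not present
        WorkaroundActive   = ($value -eq 1)   # only 1 disables SMBv3 compression
    }
}

function Set-SmbCompressionWorkaround {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $state = Get-SmbCompressionWorkaround
    if ($state.WorkaroundActive) { return $state }   # already set, nothing to change
    if ($PSCmdlet.ShouldProcess($SmbParamsPath, 'Set DisableCompression = 1')) {
        # Same command as in the article; needs an elevated (administrator) session.
        Set-ItemProperty -Path $SmbParamsPath DisableCompression -Type DWORD -Value 1 -Force
    }
    Get-SmbCompressionWorkaround                     # re-read to confirm the write
}

# Report the current state without changing anything:
Get-SmbCompressionWorkaround

# Preview the change, then apply it:
# Set-SmbCompressionWorkaround -WhatIf
# Set-SmbCompressionWorkaround
```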