Microsoft released a patch for vulnerability CVE-2020-0796 on March 12, 2020. CVE-2020-0796 is a remote code execution vulnerability in Windows Server Message Block 3.1.1 (SMBv3). An attacker who successfully exploits the vulnerability can execute code on the target server or client. Alibaba Cloud has synchronized this update to the Windows system update source. We recommend that you update the operating system of your ECS instance with the latest patches at your earliest convenience.

Detected vulnerability

  • Vulnerability number: CVE-2020-0796
  • Vulnerability severity: critical
  • Patch update date: March 12, 2020
  • Vulnerability location: SMBv3 on Windows 10 and Windows Server
  • Affected versions:
    • Windows 10 versions 1903 and 1909
    • Windows Server Version 1903
    • Windows Server Version 1909
      Note: As of April 1, 2020, Alibaba Cloud has applied the security patch for vulnerability CVE-2020-0796 to the Windows Server version 1909 public image. You do not need to install the patch again when you use this public image to create an ECS instance or replace the system disk of an instance in the ECS console.

Details

A remote code execution vulnerability exists in the way that the Microsoft SMBv3 protocol handles certain requests. An attacker who successfully exploits the vulnerability can execute code on the target server or client.

  • To exploit the vulnerability against a server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 server.
  • To exploit the vulnerability against a client, an unauthenticated attacker needs to configure a malicious SMBv3 server and convince a user to connect to it.

Security suggestion

Install the patch at your earliest convenience.

Solution

You can use one of the following methods to install the patch for vulnerability CVE-2020-0796:

  • Method 1: Use the Windows Update program to install the new security updates or cumulative updates released in March 2020.
  • Method 2: Visit the official Microsoft website to download the patch.
    1. Download and install the servicing stack update KB4541338.
    2. Download and install the cumulative update KB4551762.
    3. Restart the operating system of the ECS instance.
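
To confirm the result on an instance, the following PowerShell check (an added example, not part of the original advisory or of Microsoft's guidance) reads the Windows version from the registry and looks up the two updates named in Method 2. The function names are hypothetical, and the script assumes it is run locally in Windows PowerShell on the ECS instance.

```powershell
# Added example: the values below are taken from this advisory.
$affectedVersions = @('1903', '1909')      # "Affected versions" list
$requiredUpdates  = [ordered]@{            # updates named in Method 2
    'KB4541338' = 'servicing stack update'
    'KB4551762' = 'cumulative update'
}

function Get-WindowsReleaseId {
    # ReleaseId holds the feature-update version string, for example "1903" or "1909".
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    (Get-ItemProperty -Path $key -Name ReleaseId -ErrorAction Stop).ReleaseId
}

function Test-Cve20200796Patch {
    # Hypothetical helper: reports whether the version is in the affected list
    # and whether each update from Method 2 appears in the installed-update list.
    param(
        [string]$ReleaseId = (Get-WindowsReleaseId)
    )
    $result = [ordered]@{
        ReleaseId = $ReleaseId
        Affected  = $affectedVersions -contains $ReleaseId
    }
    foreach ($kb in $requiredUpdates.Keys) {
        # Get-HotFix writes an error for an unknown Id; suppress it and treat it as "not listed".
        $hotfix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
        $result[$kb] = if ($hotfix) { 'installed' } else { 'not listed' }
    }
    [pscustomobject]$result
}

$status = Test-Cve20200796Patch
$status | Format-List

if (-not $status.Affected) {
    Write-Output "Version $($status.ReleaseId) is not in the advisory's affected list."
} elseif ($status.KB4551762 -eq 'not listed') {
    Write-Output 'KB4551762 is not listed: install it with Method 1 or Method 2, then restart.'
} else {
    Write-Output 'KB4551762 is listed: confirm the instance has been restarted since installation.'
}
```

Later cumulative updates supersede KB4551762, so a "not listed" result on an instance that already has a newer cumulative update installed does not by itself mean the fix is missing.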

Announcing party

Alibaba Cloud Computing Ltd.

If you have any requests or feedback, submit a ticket to contact Alibaba Cloud.