Microsoft released a patch for vulnerability CVE-2020-0796 on March 12, 2020. CVE-2020-0796 is a remote code execution vulnerability in Windows Server Message Block 3.1.1 (SMBv3). An attacker who successfully exploits the vulnerability can execute code on the target server or client. Alibaba Cloud has synchronized this update to the Windows system update source. We recommend that you update the operating system of your Elastic Compute Service (ECS) instance with the latest patches at your earliest convenience.

Detected vulnerability

  • Vulnerability number: CVE-2020-0796
  • Vulnerability severity: critical
  • Patch update date: March 12, 2020
  • Vulnerability location: SMBv3 on Windows 10 and Windows Server
  • Affected versions:
    • Windows 10 versions 1903 and 1909
    • Windows Server Version 1903
    • Windows Server Version 1909
      Note: As of April 1, 2020, Alibaba Cloud has updated the security patch for the Windows Server version 1909 public image against vulnerability CVE-2020-0796. You do not need to update the patch again when you use this public image to create an ECS instance or replace the system disk of the instance in the ECS console.

Details

A remote code execution vulnerability exists in the way that the Microsoft SMBv3 protocol handles some requests. An attacker who successfully exploited the vulnerability can gain the ability to execute code on the target server or client.

  • To exploit the vulnerability against a server, an unauthenticated attacker could send a specially crafted packet to a target SMBv3 server.
  • To exploit the vulnerability against a client, an unauthenticated attacker can configure a malicious SMBv3 server and convince a user to connect to the server.

Security suggestion

Install the patch for vulnerability CVE-2020-0796 at your earliest convenience.

Solution

You can use one of the following methods to install the patch for vulnerability CVE-2020-0796:

  • Method 1: Use the Windows Update program to install the new security updates or cumulative updates released in March 2020.
  • Method 2: Visit the official Microsoft website to download the patch.
    1. Download and install the servicing stack update KB4541338.
    2. Download and install the cumulative update KB4551762.

      For Windows Server version 1909, download the update from windows10.0-kb4551762-x64.

    3. Restart the operating system of the ECS instance.
      Warning: The restart operation stops the instance for a short period of time and may interrupt services that are running on the instance. We recommend that you restart instances during off-peak hours.
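
To confirm the result of either method on an instance, the following PowerShell check reports whether the host runs an affected version, whether both updates are recorded as installed, and whether a restart is still outstanding. It is an added example, not code from Alibaba Cloud or Microsoft; the function name `Get-Cve20200796Status` and its status strings are hypothetical, and it assumes the `ReleaseId` registry value reports the version (1903 or 1909).

```powershell
# Added example: verify the CVE-2020-0796 remediation state of this host.
$AffectedReleases = '1903', '1909'            # affected versions listed in the advisory
$RequiredKbs      = 'KB4541338', 'KB4551762'  # updates named in Method 2

function Get-Cve20200796Status {              # hypothetical helper name
    param(
        [string]   $ReleaseId,
        [string[]] $InstalledKbs = @(),
        [bool]     $RebootPending
    )
    if ($AffectedReleases -notcontains $ReleaseId) {
        return [pscustomobject]@{
            ReleaseId = $ReleaseId; Status = 'NotAffectedVersion'; MissingKbs = @()
        }
    }
    # Any required KB that the host does not report as installed.
    $missing = @($RequiredKbs | Where-Object { $InstalledKbs -notcontains $_ })

    # Missing updates outrank a pending restart; both outrank "Patched".
    $status = 'Patched'
    if ($RebootPending)       { $status = 'RestartRequired' }
    if ($missing.Count -gt 0) { $status = 'UpdatesMissing' }

    [pscustomobject]@{ ReleaseId = $ReleaseId; Status = $status; MissingKbs = $missing }
}

# Collect the live values from the local machine.
$cv        = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$installed = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
# This key exists while a servicing operation is waiting for a restart (step 3).
$pending   = Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'

Get-Cve20200796Status -ReleaseId $cv.ReleaseId -InstalledKbs $installed -RebootPending $pending
```

Cumulative updates supersede one another, so a host that has installed a later cumulative update may no longer list KB4551762; treat `UpdatesMissing` as a prompt to review the Windows Update history rather than as proof that the host is unpatched.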

Announcing party

Alibaba Cloud Computing Co., Ltd.