CVE-2020-1301 | Windows SMB v1远程代码执行漏洞通告

发布时间 2020-06-10

0x00 漏洞概述


CVE   ID

CVE-2020-1301

   

2020-06-10

   

RCE

   

中危

远程利用

影响范围


0x01 漏洞详情




微软于周二发布了6月Betway88更新补丁,修复了129个漏洞。其中包括一个Windows SMB远程代码执行漏洞(CVE-2020-1301),尽管本月更新的漏洞数量很多,但在Microsoft今天发布补丁之前,还没有发现被利用的漏洞。建议管理员尽快部署更新。

Server Message Block(SMB)是为计算机提供身份验证以访问服务器上打印机和文件系统的组件。该漏洞源于Microsoft SMB 1.0 (SMBv1) 服务器在处理某些请求的方法中存在错误,导致成功利用此漏洞的攻击者可以在目标系统上执行任意代码。

另外的永恒之蓝就是利用SMB v1漏洞,建议关闭SMB v1,想要触发此漏洞需要先通过身份认证,危害等级属于中危。


0x02 影响范围


以下是CVE-2020-1301漏洞受影响的系统版本:

Windows 10 Version 1803 for 32-bit Systems

Windows 10 Version 1803 for x64-based Systems

Windows Server, version 1803 (Server Core Installation)

Windows 10 Version 1803 for ARM64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows 10 Version 1909 for 32-bit Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows Server, version 1909 (Server Core installation)

Windows 10 Version 1709 for 32-bit Systems

Windows 10 Version 1709 for x64-based Systems

Windows 10 Version 1709 for ARM64-based Systems

Windows 10 Version 1903 for 32-bit Systems

Windows 10 Version 1903 for x64-based Systems

Windows 10 Version 1903 for ARM64-based Systems

Windows Server, version 1903 (Server Core installation)

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for Itanium-Based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows 10 Version 2004 for x64-based Systems

Windows Server, version 2004 (Server Core installation)

Windows 10 Version 2004 for 32-bit Systems

Windows 10 Version 2004 for ARM64-based Systems


0x03 处置建议


建议禁用SMB v1

对于运行Windows Vista和更高版本的用户,请参考Microsoft知识库文章2696547。

运行Windows 8.1或Windows Server 2012 R2及更高版本的客户端操作系统:

1. 打开控制面板,单击“程序”,然后单击“打开或关闭Windows功能”。

2. 在“Windows功能”窗口中,清除“SMB 1.0 / CIFS文件共享支持”复选框,然后单击“确定”关闭该窗口。

3. 重新启动系统。

对于服务器操作系统:

1. 打开服务器管理器,然后单击“管理”菜单,然后选择“删除角色和功能”。

2. 在“功能”窗口中,清除“SMB 1.0 / CIFS文件共享支持”复选框,然后单击“确定”关闭该窗口。

3. 重新启动系统。

此解决方法将导致SMB v1协议将在目标系统上被禁用。


0x04 相关新闻


https://www.zdnet.com/article/microsoft-june-2020-patch-tuesday-fixes-129-vulnerabilities/#ftag=RSSbaffb68


0x05 参考链接


https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1301

https://docs.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3

https://portal.msrc.microsoft.com/zh-cn/security-guidance


0x06 时间线


2020-06-09 微软更新漏洞补丁

2020-06-10 VSRC发布漏洞通告