vendor:
Windows 10
by:
Microsoft Security Response Center
10.0
CVSS
CRITICAL
Remote Code Execution
119
CWE
Product Name: Windows 10
Affected Version From: Windows 10 Version 1903 for 32-bit Systems
Affected Version To: Windows 10 Version 1909 for 32-bit Systems
Patch Exists: YES
Related CWE: CVE-2020-0796
CPE: o:microsoft:windows_10:1903
Other Scripts:
N/A
Platforms Tested: Windows
2020
Microsoft Windows SMBv3 Client/Server Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target SMB Server or SMB Client. To exploit the vulnerability against an SMB Server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 Server. To exploit the vulnerability against an SMB Client, an unauthenticated attacker would need to configure a malicious SMBv3 Server and convince a user to connect to it.
Mitigation:
Microsoft has released a security update to address this vulnerability.
