[Update] CVE-2020-0796 | Windows SMBv3 Protocol Wormable Vulnerability Advisory

Published: 2020-06-03

0x00 Vulnerability Overview

                   

CVE ID: CVE-2020-0796

Date: 2020-06-03

Type: RCE

Severity: Critical

Remotely exploitable: Yes

Affected versions:

Windows 10 Version 1903 for 32-bit Systems

Windows 10 Version 1903 for x64-based Systems

Windows 10 Version 1903 for ARM64-based Systems

Windows Server, version 1903 (Server Core installation)

Windows 10 Version 1909 for 32-bit Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows Server, version 1909 (Server Core installation)


0x01 Vulnerability Details




Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation (USA). Microsoft Windows is an operating system for personal devices, Microsoft Windows Server is a server operating system, and Server Message Block is a server message transfer protocol included in them.


On March 10, 2020, Microsoft published a security advisory that included a Windows SMBv3 remote code execution vulnerability (CVE-2020-0796). The vulnerability arises because the SMBv3 protocol enters an erroneous code path when handling maliciously crafted compressed packets. A remote, unauthenticated attacker can exploit it to execute arbitrary code in the application.


On June 2, 2020, a foreign security researcher published RCE code for CVE-2020-0796 (also known as SMBGhost). Attackers may build on this PoC to construct weaponized tools capable of worm-like propagation, taking control of target systems without user interaction. The PoCs published before this could cause affected systems to blue-screen.


Demo video:

https://twitter.com/RicercaSec/status/1249904222490918917




0x02 Remediation Recommendations


The vendor has released a patch that fixes the vulnerability. Patch link:

https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2020-0796


Temporary measures:


● SMBv3 compression can be disabled through the registry with the following command:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force

● It is recommended to close the SMB service ports by disabling ports 139 and 445.
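
The temporary measures above can be verified on each host. The following PowerShell is an added example, not part of the original advisory; the function name Test-SmbGhostWorkaround and its output field names are hypothetical, and it does not check whether the patch is installed.

```powershell
# Added example: audit the CVE-2020-0796 temporary measures on the local host.
# Function and field names are hypothetical. Patch state is NOT checked here.
function Test-SmbGhostWorkaround {
    $paramKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $verKey   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

    # ReleaseId holds the feature-update version (1903 and 1909 are listed as affected).
    $releaseId = (Get-ItemProperty -Path $verKey -Name ReleaseId -ErrorAction SilentlyContinue).ReleaseId
    $inScope   = $releaseId -in @('1903', '1909')

    # A missing value means the workaround was never applied (compression still enabled).
    $value = (Get-ItemProperty -Path $paramKey -Name DisableCompression -ErrorAction SilentlyContinue).DisableCompression
    $compressionDisabled = ($null -ne $value) -and ($value -eq 1)

    # Local TCP listeners on the two ports the advisory recommends closing.
    $listening = @(Get-NetTCPConnection -State Listen -LocalPort 139, 445 -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty LocalPort -Unique | Sort-Object)

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        ReleaseId           = $releaseId
        AffectedRelease     = $inScope
        CompressionDisabled = $compressionDisabled
        ListeningSmbPorts   = $listening -join ','
        # Affected release, compression still on, and 445 reachable locally.
        NeedsAttention      = $inScope -and (-not $compressionDisabled) -and ($listening -contains 445)
    }
}

Test-SmbGhostWorkaround | Format-List
```

DisableCompression is a LanmanServer (SMB server) parameter, so it does not cover the host's SMB client role; the vendor patch remains the fix.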


0x03 Related News


https://blog.rapid7.com/2020/03/12/cve-2020-0796-microsoft-smbv3-remote-code-execution-vulnerability-analysis/


0x04 References


https://github.com/chompie1337/SMBGhost_RCE_PoC

https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2020-0796


0x05 Timeline


2020-03-12 Microsoft released the patch

2020-06-02 Researchers published a remote code execution PoC

2020-06-03 VSRC published the vulnerability advisory