CVE-2020-1301 | Windows SMB v1 Remote Code Execution Vulnerability Advisory

Published: 2020-06-10

0x00 Vulnerability Overview


CVE   ID

CVE-2020-1301

   

2020-06-10

   

RCE

   

Medium

Remote exploitation

Affected scope


0x01 Vulnerability Details




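Microsoft released its June security updates on Tuesday, fixing 129 vulnerabilities. These include a Windows SMB remote code execution vulnerability (CVE-2020-1301). Although a large number of vulnerabilities were fixed this month, none had been found to be exploited before Microsoft released the patches today. Administrators are advised to deploy the updates as soon as possible.

Server Message Block (SMB) is a component that provides authentication for computers to access printers and file systems on a server. The vulnerability stems from an error in the way the Microsoft SMB 1.0 (SMBv1) server handles certain requests; an attacker who successfully exploits it can execute arbitrary code on the target system.

In addition, EternalBlue also exploited an SMB v1 vulnerability, so disabling SMB v1 is recommended. Triggering this vulnerability requires passing authentication first, so its severity is rated Medium.


0x02 Affected Scope


The following system versions are affected by CVE-2020-1301: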

Windows 10 Version 1803 for 32-bit Systems

Windows 10 Version 1803 for x64-based Systems

Windows Server, version 1803 (Server Core Installation)

Windows 10 Version 1803 for ARM64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows 10 Version 1909 for 32-bit Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows Server, version 1909 (Server Core installation)

Windows 10 Version 1709 for 32-bit Systems

Windows 10 Version 1709 for x64-based Systems

Windows 10 Version 1709 for ARM64-based Systems

Windows 10 Version 1903 for 32-bit Systems

Windows 10 Version 1903 for x64-based Systems

Windows 10 Version 1903 for ARM64-based Systems

Windows Server, version 1903 (Server Core installation)

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for Itanium-Based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows 10 Version 2004 for x64-based Systems

Windows Server, version 2004 (Server Core installation)

Windows 10 Version 2004 for 32-bit Systems

Windows 10 Version 2004 for ARM64-based Systems


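0x03 Remediation Recommendations


Disabling SMB v1 is recommended

For users running Windows Vista and later, see Microsoft Knowledge Base article 2696547.

Client operating systems running Windows 8.1 or Windows Server 2012 R2 and later:

1. Open Control Panel, click "Programs", and then click "Turn Windows features on or off".

2. In the "Windows Features" window, clear the "SMB 1.0/CIFS File Sharing Support" checkbox, and then click "OK" to close the window.

3. Restart the system.

For server operating systems:

1. Open Server Manager, click the "Manage" menu, and then select "Remove Roles and Features".

2. In the "Features" window, clear the "SMB 1.0/CIFS File Sharing Support" checkbox, and then click "OK" to close the window.

3. Restart the system.

This workaround disables the SMB v1 protocol on the target system.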
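
The same workaround can be scripted for hosts where the GUI steps above are impractical. The following is an added example, not part of the original advisory: it reports the SMBv1 state, optionally lists clients that still connect over SMBv1, and disables the protocol. It assumes Windows 8.1 / Windows Server 2012 R2 or later and an elevated PowerShell session; the function name and the switch names `-ShowClients` and `-Disable` are hypothetical names chosen for this example.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the advisory): check and disable SMBv1 on the local host.
param(
    [switch]$ShowClients,   # hypothetical switch: list recent SMBv1 client connections
    [switch]$Disable        # hypothetical switch: actually disable SMBv1
)

function Get-Smb1State {
    # Server-side protocol setting
    $cfg = Get-SmbServerConfiguration
    # Optional feature behind the "SMB 1.0/CIFS File Sharing Support" checkbox
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        ServerSmb1Enabled = $cfg.EnableSMB1Protocol
        AuditSmb1Access   = $cfg.AuditSmb1Access
        FeatureState      = if ($feature) { "$($feature.State)" } else { 'NotPresent' }
    }
}

$state = Get-Smb1State
$state | Format-List

if ($ShowClients) {
    # Turn on SMBv1 access auditing so that dependencies show up before the protocol is removed.
    if (-not $state.AuditSmb1Access) {
        Set-SmbServerConfiguration -AuditSmb1Access $true -Force
    }
    # Event 3000 in this log records each client that connected using SMBv1.
    Get-WinEvent -LogName 'Microsoft-Windows-SMBServer/Audit' -MaxEvents 200 -ErrorAction SilentlyContinue |
        Where-Object Id -eq 3000 |
        Select-Object TimeCreated, Message
}

if ($Disable) {
    # Stop the SMB server from accepting SMBv1 right away (takes effect without a reboot).
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    # Remove the feature itself; equivalent to clearing the checkbox, completed at next restart.
    if ($state.FeatureState -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
    Get-Smb1State | Format-List
    Write-Warning 'Restart the system to complete removal of SMB 1.0/CIFS.'
}
```

Run it once with no switches to record the current state, leave auditing on for a period with `-ShowClients` to find devices that still depend on SMBv1, and then run it with `-Disable`.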


0x04 Related News


https://www.zdnet.com/article/microsoft-june-2020-patch-tuesday-fixes-129-vulnerabilities/#ftag=RSSbaffb68


0x05 Reference Links


https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1301

https://docs.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3

https://portal.msrc.microsoft.com/zh-cn/security-guidance


0x06 Timeline


2020-06-09 Microsoft released the vulnerability patch

2020-06-10 VSRC published the vulnerability advisory