¡¾¸üС¿CVE-2020-0796 | Windows SMBv3ºÍ̸Èä³æ¼¶·ì϶¹«¸æ

°ä²¼¹¦·ò 2020-06-03

0x00 ·ì϶¸ÅÊö

                   

CVE   ID

CVE-2020-0796

ʱ    ¼ä

2020-06-03

Àà   ÐÍ

RCE

µÈ    ¼¶

ÑϳÁ

Ô¶³ÌÀûÓÃ

ÊÇ

Ó°ÏìÁìÓò

Windows 10 Version 1903 for 32-bit Systems

Windows 10 Version 1903 for x64-based Systems

Windows 10 Version 1903 for ARM64-based Systems

Windows Server, version 1903 (Server Core installation)

Windows 10 Version 1909 for 32-bit Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows Server, version 1909 (Server Core installation)


0x01 ·ì϶ÏêÇé


8827Ì«Ñô¼¯ÍÅ(Macau)¹É·ÝÓÐÏÞ¹«Ë¾-Official website


Microsoft WindowsºÍMicrosoft Windows Server¶¼ÊÇÃÀ¹ú΢Èí£¨Microsoft£©¹«Ë¾µÄ²úÆ·¡£¡£¡£¡£¡£¡£¡£Microsoft WindowsÊÇÒ»Ì×Ó×ÎÒÉ豸ʹÓõIJÙ×÷ϵͳ£¬£¬ £¬£¬£¬£¬ £¬£¬Microsoft Windows ServerÊÇÒ»Ì×·þÎñÆ÷²Ù×÷ϵͳ£¬£¬ £¬£¬£¬£¬ £¬£¬Server Message BlockÊÇÆäÖеÄÒ»¸ö·þÎñÆ÷ÐÅÏ¢´«ÊäºÍ̸¡£¡£¡£¡£¡£¡£¡£


2020Äê3ÔÂ10ÈÕ£¬£¬ £¬£¬£¬£¬ £¬£¬Î¢Èí°ä²¼°²È«²¼¸æ£¬£¬ £¬£¬£¬£¬ £¬£¬ÆäÖÐÔ̺¬Ò»¸öWindows SMBv3 Ô¶³Ì´úÂëÖ´Ðзì϶£¨CVE-2020-0796£©¡£¡£¡£¡£¡£¡£¡£¸Ã·ì϶ԴÓÚSMBv3ºÍ̸ÔÚ´¦ÖöñÒâѹËõÊý¾Ý°üʱ£¬£¬ £¬£¬£¬£¬ £¬£¬½øÈëÁËÃýÎóÁ÷³Ì¡£¡£¡£¡£¡£¡£¡£Ô¶³Ìδ¾­Éí·ÝÑéÖ¤µÄ¹¥»÷Õß¿ÉÀûÓø÷ì϶ÔÚÀûÓ÷¨Ê½ÖÐÖ´ÐÐËÁÒâ´úÂë¡£¡£¡£¡£¡£¡£¡£


2020Äê6ÔÂ2ÈÕ£¬£¬ £¬£¬£¬£¬ £¬£¬¹ú±í°²È«×êÑÐÔ±¹«¿ªÁËCVE-2020-0796£¨±ðºÅ£ºSMBGhost£©·ì϶µÄRCE´úÂ룬£¬ £¬£¬£¬£¬ £¬£¬¹¥»÷Õß¿ÉÄÜ»ùÓÚ´ËPOC»ú¹Øµ¼ÖÂÈä³æʽ´«²¼µÄ±øÆ÷»¯¹¤¾ß£¬£¬ £¬£¬£¬£¬ £¬£¬ÎÞÐèÓû§½»»¥¼´¿É½ÚÔìÖ¸±êϵͳ£¬£¬ £¬£¬£¬£¬ £¬£¬´ËÇ°Òѹ«¿ªµÄPoCÊǿɵ¼ÖÂÊÜÓ°ÏìµÄϵͳÀ¶ÆÁ¡£¡£¡£¡£¡£¡£¡£


ÑÝʾÊÓƵ£º

https://twitter.com/RicercaSec/status/1249904222490918917


8827Ì«Ñô¼¯ÍÅ(Macau)¹É·ÝÓÐÏÞ¹«Ë¾-Official website


0x02 ´ëÖý¨Òé


Ä¿Ç°³§ÉÌÒÑ°ä²¼Éý¼¶²¹¶¡ÒÔ½¨¸´·ì϶£¬£¬ £¬£¬£¬£¬ £¬£¬²¹¶¡»ñÈ¡Á´½Ó£º

https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2020-0796


һʱ´ëÊ©£º


¡ñ ¿ÉʹÓÃ×¢²á±í½ûÓÃSMBv3 µÄcompression£¬£¬ £¬£¬£¬£¬ £¬£¬ºÅÁîÈçÏ£º

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force

¡ñ ½¨Òé¹Ø¹ØSMB·þÎñ¶Ë¿Ú£¬£¬ £¬£¬£¬£¬ £¬£¬½ûÓÃ139ºÍ445¶Ë¿Ú¡£¡£¡£¡£¡£¡£¡£


0x03 ÓйØÐÂÎÅ


https://blog.rapid7.com/2020/03/12/cve-2020-0796-microsoft-smbv3-remote-code-execution-vulnerability-analysis/


0x04 ²Î¿¼Á´½Ó


https://github.com/chompie1337/SMBGhost_RCE_PoC

https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2020-0796


0x05 ¹¦·òÏß


2020-03-12 ΢Èí¸üв¹¶¡

2020-06-02 ×êÑÐÈËÔ±¹«¿ªÔ¶³Ì´úÂëÖ´ÐеÄPoC

2020-06-03 VSRC°ä²¼·ì϶¹«¸æ


8827Ì«Ñô¼¯ÍÅ(Macau)¹É·ÝÓÐÏÞ¹«Ë¾-Official website