Remote Code Execution Vulnerability in Microsoft SMBv3 Protocol
CVE-2020-0796

10CRITICAL

Key Information:

Vendor: Microsoft
Status: Windows 10 Version 1903 For 32-bit Systems; Windows 10 Version 1903 For X64-based Systems; Windows 10 Version 1903 For Arm64-based Systems; Windows Server, Version 1903 (server Core Installation)
Vendor: CVE Published:; 12 March 2020

Badges

💰 Ransomware👾 Exploit Exists🟡 Public PoC🟣 EPSS 99%🦅 CISA Reported

What is CVE-2020-0796?

A significant remote code execution vulnerability exists in Microsoft's Server Message Block 3.1.1 (SMBv3) protocol. The flaw arises from the handling of certain requests, allowing an attacker to execute arbitrary code on the target system. This could lead to unauthorized access and potentially compromise sensitive data. Systems utilizing affected versions are urged to apply patches as provided by Microsoft to mitigate the risks posed by this vulnerability.

CISA has reported CVE-2020-0796

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2020-0796 as being exploited and is known by the CISA as enabling ransomware campaigns.

The CISA's recommendation is: Apply updates per vendor instructions.

Affected Version(s)

Windows 10 Version 1903 for 32-bit Systems = unspecified

Windows 10 Version 1903 for ARM64-based Systems = unspecified

Windows 10 Version 1903 for x64-based Systems = unspecified

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2020-0796
Created by danigargu

SMBGhost
Created by ly4k

CVE-2020-0796-RCE-POC
Created by jamf