AttackerKBAKB:E2B9F961-5F1F-496F-97F1-1CF8968AE023CVE-2020-1301 Windows SMB Remote Code Execution Vulnerability
0.018 Low
EPSS
Percentile
88.1%
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests, aka ‘Windows SMB Remote Code Execution Vulnerability’.
Recent assessments:
gwillcox-r7 at June 10, 2020 12:14am UTC reported:
To add to @busterb’s assessment, another thing to consider is that SMBv1, which this vulnerability relies on, is disabled by default on Windows 10 (Build 1803) according to <https://www.petenetlive.com/KB/Article/0001461>. This is further confirmed on Microsoft’s official website at <https://docs.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/smbv1-not-installed-by-default-in-windows> where they state that SMBv1 is not installed by default on Windows 10 version 1709 and later and Windows Server version 1709 and later.
Considering the push from Microsoft to force Windows 10 users to automatically upgrade, and the fact that according to <https://gs.statcounter.com/os-version-market-share/windows/desktop/worldwide>, 72.96% of Windows users are running Windows 10, the chances are that unless your in an environment where you need to support older software, SMBv1 is most likely going to be disabled.
Exploitability will most likely be difficult given the past history of SMB vulnerabilities, but may be easier on older versions of Windows such as Windows 7 that have not introduced the modern mitigations that Windows 10 has, particularly in the area of heap randomization.
busterb at June 09, 2020 7:23pm UTC reported:
To add to @busterb’s assessment, another thing to consider is that SMBv1, which this vulnerability relies on, is disabled by default on Windows 10 (Build 1803) according to <https://www.petenetlive.com/KB/Article/0001461>. This is further confirmed on Microsoft’s official website at <https://docs.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/smbv1-not-installed-by-default-in-windows> where they state that SMBv1 is not installed by default on Windows 10 version 1709 and later and Windows Server version 1709 and later.
Considering the push from Microsoft to force Windows 10 users to automatically upgrade, and the fact that according to <https://gs.statcounter.com/os-version-market-share/windows/desktop/worldwide>, 72.96% of Windows users are running Windows 10, the chances are that unless your in an environment where you need to support older software, SMBv1 is most likely going to be disabled.
Exploitability will most likely be difficult given the past history of SMB vulnerabilities, but may be easier on older versions of Windows such as Windows 7 that have not introduced the modern mitigations that Windows 10 has, particularly in the area of heap randomization.
Assessed Attacker Value: 3
Assessed Attacker Value: 3Assessed Attacker Value: 2
Related
