SMBleed (CVE-2020-1206) and SMBLost (CVE-2020-1301) Vulnerabilities Affect Microsoft SMBv3 and SMBv1

As part of Microsoft’s June 2020 Patch Tuesday release on June 9, researchers disclosed two new vulnerabilities in Microsoft Server Message Block (SMB), a protocol used to facilitate the sharing of files, printers and serial ports between computers.

On March 12, Microsoft published an out-of-band advisory for CVE-2020-0796, a remote code execution (RCE) flaw in SMBv3 that was inadvertently revealed in Microsoft’s March 2020 Patch Tuesday release. Within one day, security researchers from KryptosLogic and SophosLabs published proof-of-concept (PoC) scripts that could trigger a blue screen of death (BSoD) on vulnerable systems. At the time there was an expectation that a PoC achieving RCE would be released.

Microsoft released patches for SMBleed and SMBLost as part of their June 2020 Patch Tuesday release. It is also noteworthy that Microsoft provided patches to address SMBLost for Windows 7 and Windows Server 2008, both of which reached the end of their support cycle in January 2020. Tenable strongly recommends applying these patches as soon as possible.

If upgrading is not feasible to address both SMBleed and SMBGhost, Microsoft has recommended disabling SMBv3 compression.

For a more detailed look at this vulnerability, please refer to our blog.