Vulnerability Awareness – Recent SMB Vulnerabilities

Last Tuesday, Microsoft patched multiple vulnerabilities in SMB (Server Message Block), the protocol used to facilitate the sharing of files, printers and serial ports between computers; two in SMB v3, and one in SMB v1. The vulnerabilities have been given catchy names, SMBleed and SMBLost, respectively. Cybersecurity firm Tenable has posted a technical summary on the concerns of each. Regarding SMBleed (CVE-2020-1206), the biggest concern is related to a prior patch for “SMBGhost” (CVE-2020-0796) in March for the same feature of SMB v3. SMBleed is an information disclosure vulnerability. According to researchers, the information disclosed is Kernel memory, and paired with SMBGhost for privilege escalation, SMBleed can lead to devastating attacks. SMBLost (CVE-2020-1301) is a remote code execution (RCE) vulnerability affecting SMB v1. Given SMB v1 should have been disabled a long time ago, organizations should consider doing so as soon as possible. In addition to patching, best practices to protect against SMB vulnerabilities involve not permitting SMB to exit the perimeter and closely monitoring internal SMB traffic. Read more about the vulnerabilities in this post at Tenable