Security Company: Beware of Microsoft SMBv3 Client / Server Remote Code Execution Vulnerability

According to Slow Fog Zone Intelligence, on March 11, 2020, foreign security companies released a summary of the vulnerabilities involved in the recent Microsoft security patch package, one of which was labeled as Critical SMB Service Remote Code Execution Vulnerability (CVE-2020- 0796), an attacker could use this vulnerability to gain full control of the machine. On March 12, 2020, Microsoft released the corresponding security patches, and users are strongly recommended to install the patches immediately. On March 30, a local elevation code that exploited this vulnerability appeared in public channels. The SlowMist security team verified that it was available. Local attackers could use the vulnerability to elevate the privileges from ordinary users to system privileges.

At present, in view of the development trend of vulnerabilities, the SlowMist security team does not rule out the possibility of executing arbitrary code. Due to the fact that the vulnerability does not require user verification, it may lead to worm-like spread like WannaCry; the SlowMist security team reminds the currency circle platform and individual users Please pay attention to the safety of your own funds and upgrade as soon as possible.

Microsoft security patch link: / advisory / ADV200005