{"id":10774,"date":"2020-06-15T08:58:47","date_gmt":"2020-06-15T08:58:47","guid":{"rendered":"https:\/\/nsfocusglobal.com\/?p=10774"},"modified":"2020-06-15T08:58:47","modified_gmt":"2020-06-15T08:58:47","slug":"windows-smbv3-remote-code-execution-vulnerability-cve-2020-0796-technical-analysis-and-solution-2","status":"publish","type":"post","link":"https:\/\/nsfocusglobal.com\/pt-br\/windows-smbv3-remote-code-execution-vulnerability-cve-2020-0796-technical-analysis-and-solution-2\/","title":{"rendered":"Windows SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796) Technical Analysis and Solution"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\"><strong>Overview<\/strong><\/h2>\n\n\n\n<p>On March 11, Beijing time, Microsoft released its March 2020 updates, which fix a number of vulnerabilities, including a remote code execution vulnerability in Microsoft Server Message Block 3.1.1 (SMBv3) that was described in a security bulletin released earlier. This vulnerability exists in the way the Microsoft SMBv3 protocol handles certain requests. An unauthenticated attacker could exploit this vulnerability.<\/p>\n\n\n\n<p>For the SMBv3 server, attackers could send a crafted packet to the server to trigger this vulnerability; for the SMBv3 client, attackers could trigger the vulnerability by tricking the user into connecting to a maliciously crafted SMB server.<\/p>\n\n\n\n<!--more-->\n\n\n\n<p>NSFOCUS has reproduced the vulnerability exploitation process:<\/p>\n\n\n\n<p>Currently, Microsoft has released security updates to fix this vulnerability. As this vulnerability could pose a serious threat, users are strongly advised to apply the related protections as soon as possible.<\/p>\n\n\n\n<p><strong>On the night of June 2, a security researcher reportedly published PoC code for a remote exploit of this vulnerability, increasing its potential hazard. 
Users are advised to apply the update as soon as possible to fix this vulnerability:<\/strong><\/p>\n\n\n\n<p>Reference link:<\/p>\n\n\n\n<figure class=\"wp-block-embed\"><div class=\"wp-block-embed__wrapper\">\nhttps:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2020-0796\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Affected Versions<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Windows 10 Version 1903 for 32-bit Systems<\/li><li>Windows 10 Version 1903 for ARM64-based Systems<\/li><li>Windows 10 Version 1903 for x64-based Systems<\/li><li>Windows 10 Version 1909 for 32-bit Systems<\/li><li>Windows 10 Version 1909 for ARM64-based Systems<\/li><li>Windows 10 Version 1909 for x64-based Systems<\/li><li>Windows Server, version 1903 (Server Core installation)<\/li><li>Windows Server, version 1909 (Server Core installation)<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Technical Solutions<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Official Fix<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li>Security Patch<\/li><\/ul>\n\n\n\n<p>Microsoft has released the KB4551762 security update to patch this vulnerability. 
Users are strongly advised to enable the automatic update service to apply the update for protection.<\/p>\n\n\n\n<p>Microsoft provides security updates for specific Windows versions at the following address:<\/p>\n\n\n\n<figure class=\"wp-block-embed\"><div class=\"wp-block-embed__wrapper\">\nhttps:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=KB4551762\n<\/div><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Workaround<\/li><\/ul>\n\n\n\n<p>If users cannot install patches for the time being, they can disable the compression function in SMBv3 for temporary protection of the SMBv3 server:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>Set-ItemProperty -Path &quot;HKLM:\\SYSTEM\\CurrentControlSet\\Services\\LanmanServer\\Parameters&quot; DisableCompression -Type DWORD -Value 1 -Force<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Note:<\/p>\n\n\n\n<p>1. No reboot is needed after making the change.<\/p>\n\n\n\n<p><strong>The preceding command is only used to temporarily protect against attacks targeting the SMB server. However, attackers can also exploit this vulnerability to target an SMB client.<\/strong><\/p>\n\n\n\n<p>2. To protect the SMB client, follow the guidance in the following article:<\/p>\n\n\n\n<figure class=\"wp-block-embed\"><div class=\"wp-block-embed__wrapper\">\nhttps:\/\/support.microsoft.com\/en-us\/help\/3185535\/preventing-smb-traffic-from-lateral-connections\n<\/div><\/figure>\n\n\n\n<p>3. 
Disabling SMB compression does not have a negative impact on performance.<\/p>\n\n\n\n<p>For more information, see Microsoft&#8217;s official security advisory at the following link:<\/p>\n\n\n\n<figure class=\"wp-block-embed\"><div class=\"wp-block-embed__wrapper\">\nhttps:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2020-0796\n<\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>NSFOCUS&#8217;s Recommendations<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Using NSFOCUS&#8217;s Detection Products or Services to Detect the Vulnerability<\/strong><\/li><\/ul>\n\n\n\n<p>For internal assets, use NSFOCUS Remote Security Assessment System (RSAS V6), Network Intrusion Detection System (NIDS), or Unified Threat Sensor (UTS) to check for the vulnerability:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>RSAS V6<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-embed\"><div class=\"wp-block-embed__wrapper\">\nhttp:\/\/update.nsfocus.com\/update\/listRsas\n<\/div><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>NIDS<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-embed\"><div class=\"wp-block-embed__wrapper\">\nhttp:\/\/update.nsfocus.com\/update\/listIds\n<\/div><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>UTS<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-embed\"><div class=\"wp-block-embed__wrapper\">\nhttp:\/\/update.nsfocus.com\/update\/bsaUtsIndex\n<\/div><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Upgrade Package\/Rule Base Versions of Detection Products<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td><strong>Detection Product<\/strong><\/td><td><strong>Upgrade Package\/Rule Base Version<\/strong><\/td><\/tr><tr><td><strong>RSAS V6&#8217;s system plug-in<\/strong><\/td><td>6.0R02F01.1712<\/td><\/tr><tr><td><strong>NIDS<\/strong><\/td><td>5.6.10.22154, 5.6.9.22154<\/td><\/tr><tr><td><strong>UTS<\/strong><\/td><td>5.6.10.22154<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<ul 
class=\"wp-block-list\"><li>RSAS V6 upgrade package download link<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-embed\"><div class=\"wp-block-embed__wrapper\">\nhttp:\/\/update.nsfocus.com\/update\/downloads\/id\/103169\n<\/div><\/figure>\n\n\n\n<p><strong>Note: &#8220;Microsoft SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796) [Thorough Scan]&#8221; is a dangerous plug-in that can cause a blue screen of death error on the host or cause the host to restart or shut down. By default, this plug-in is disabled. If you need this plug-in, enable it first and then run the scan.<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>NIDS upgrade package download link<\/li><\/ul>\n\n\n\n<p>5.6.10.22154<\/p>\n\n\n\n<figure class=\"wp-block-embed\"><div class=\"wp-block-embed__wrapper\">\nhttp:\/\/update.nsfocus.com\/update\/downloads\/id\/103168\n<\/div><\/figure>\n\n\n\n<p>5.6.9.22154<\/p>\n\n\n\n<figure class=\"wp-block-embed\"><div class=\"wp-block-embed__wrapper\">\nhttp:\/\/update.nsfocus.com\/update\/downloads\/id\/103167\n<\/div><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>UTS upgrade package download link<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-embed\"><div class=\"wp-block-embed__wrapper\">\nhttp:\/\/update.nsfocus.com\/update\/downloads\/id\/103172\n<\/div><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Using NSFOCUS&#8217;s Protection Products to Protect Against the Vulnerability<\/strong><\/li><\/ul>\n\n\n\n<p>Use NSFOCUS Network Intrusion Protection System (NIPS) to protect against this vulnerability.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>NSFOCUS NIPS<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-embed\"><div class=\"wp-block-embed__wrapper\">\nhttp:\/\/update.nsfocus.com\/update\/listIps\n<\/div><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Upgrade Package\/Rule Base Versions of Protection Products<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td><strong>Protection 
Product<\/strong><\/td><td><strong>Upgrade Package\/Rule Base Version<\/strong><\/td><td><strong>Rule ID<\/strong><\/td><\/tr><tr><td><strong>NIPS<\/strong><\/td><td>5.6.10.22154, 5.6.9.22154<\/td><td>24763<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>NIPS upgrade package download link<\/li><\/ul>\n\n\n\n<p>5.6.10.22154<\/p>\n\n\n\n<figure class=\"wp-block-embed\"><div class=\"wp-block-embed__wrapper\">\nhttp:\/\/update.nsfocus.com\/update\/downloads\/id\/103168\n<\/div><\/figure>\n\n\n\n<p>5.6.9.22154<\/p>\n\n\n\n<figure class=\"wp-block-embed\"><div class=\"wp-block-embed__wrapper\">\nhttp:\/\/update.nsfocus.com\/update\/downloads\/id\/103167\n<\/div><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Upgrading NSFOCUS&#8217;s Security Platforms<\/strong><\/li><\/ul>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td><strong>Platform<\/strong><\/td><td><strong>Upgrade Package\/Rule Base Version<\/strong><\/td><\/tr><tr><td><strong>NSFOCUS Enterprise Security Platform Solution (ESP)<\/strong><\/td><td>It is unnecessary to upgrade rules on ESPC. If NSFOCUS NIPS is deployed, upgrade it to V5.6.10.22154 or 5.6.9.22154 or later.<\/td><\/tr><tr><td><strong>NSFOCUS Intelligent Security Operation Platform Solution (ISOP)<\/strong><\/td><td>Install the following rule upgrade package: attack_rule.1.0.0.0.207104.dat<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Technical Analysis<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Vulnerability Principle<\/strong><\/li><\/ul>\n\n\n\n<p>The CVE-2020-0796 (aka SMBGhost) vulnerability exists in the data compression function of SMBv3. 
Microsoft introduced the data compression function in SMBv3 so that users, after prior interaction with an SMBv3 server, can arrange to transmit compressed data to the server, improving transmission efficiency. By manipulating certain fields in an SMB packet that contains compressed data, an attacker could trigger an overflow when the decompression program requests a buffer to store the data. As a result, the target system hits a blue screen error and refuses to serve legitimate users.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Appendix: Product\/Platform Use Guides<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Scanning Configuration on RSAS<\/li><li>On RSAS, under <strong>Services &gt; System Upgrade<\/strong>, click <strong>Choose File<\/strong> in the <strong>Manual Upgrade<\/strong> area and find the update file just downloaded.<\/li><li>Click <strong>Upgrade<\/strong>.<\/li><\/ul>\n\n\n\n<ul class=\"wp-block-list\"><li>Detection Configuration on UTS<\/li><\/ul>\n\n\n\n<p>
On UTS, under <strong>System &gt; System Upgrade &gt; Offline Upgrade<\/strong>, browse to the update file just downloaded and click <strong>Upload<\/strong>.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Protection Configuration on NIPS<\/li><li>On the web-based manager of NSFOCUS NIPS, under <strong>System &gt; System Update &gt; Offline Update<\/strong>, browse to the update file just downloaded and click <strong>Upload<\/strong>.<\/li><li>After the update is installed, find the rule ID in the default rule base and view rule details.<ul><li>Configuration on ISOP<\/li><\/ul><\/li><\/ul>\n\n\n\n<p>First, log in to the ISOP platform and click <strong>System Upgrade<\/strong>.<\/p>\n\n\n\n<p>On the <strong>Unified Rule Base Upgrade<\/strong> page, select <strong>Attack Identification Rule Package<\/strong>, import the downloaded latest rule package, and click <strong>Upgrade<\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Statement<\/strong><\/h2>\n\n\n\n<p>This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and\/or indirect consequences and losses caused by transmitting and\/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add\/delete any information to\/from it, or use this advisory for commercial purposes without permission from NSFOCUS.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>About NSFOCUS<\/strong><\/h2>\n\n\n\n<p>NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. 
The company&#8217;s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.<\/p>\n\n\n\n<p>NSFOCUS works with Fortune Global 500 companies, including four of the world&#8217;s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries, is a member of both the Microsoft Active Protections Program (MAPP), and the Cloud Security Alliance (CSA).<\/p>\n\n\n\n<p>A wholly owned subsidiary of NSFOCUS Technologies Group Co., Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview On March 11, Beijing time, Microsoft released March 2020 updates to fix vulnerabilities among which is a remote code execution vulnerability in Microsoft Server Message Block 3.1.1 (SMBv3) indicated in a security bulletin released earlier. This vulnerability exists in the way the Microsoft SMBv3 protocol handles certain requests. 
An attacker could exploit this vulnerability [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":10775,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"categories":[6],"tags":[752],"class_list":["post-10774","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-emergency-response","tag-windows"],"acf":[]}