Windows SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796) Technical Analysis and Solution
March 30, 2020
Overview
On March 11, Beijing time, Microsoft released March 2020 updates to fix vulnerabilities among which is a remote code execution vulnerability in Microsoft Server Message Block 3.1.1 (SMBv3) indicated in a security bulletin released earlier. This vulnerability exists in the way the Microsoft SMBv3 protocol handles certain requests. An attacker could exploit this vulnerability in an unauthenticated way. (more…)
Windows CryptoAPI High Risk Vulnerability (CVE-2020-0601) Security Alert
January 27, 2020
Overview
On January 14, local time, one of the latest monthly patch updates from Microsoft fixed the Windows CryptoAPI spoofing vulnerability (CVE-2020-0601) discovered and reported to Microsoft by the National Security Agency (NSA), which affects Windows 10. , Windows Server 2016 and Windows Server 2019. (more…)
