Zscaler Data Protection Recognized as a 2023 Product of the Year by CRN

Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Security Research

Microsoft Remote Code Execution vulnerability in SMBv3 service: CVE-2020-0796

ROHIT HEGDE - Security Research
March 11, 2020 - 2 min read


On 12th March 2020 Microsoft has released a Security guidance regarding Remote Code Execution vulnerability in the way that Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. A successful exploitation of the vulnerability could provide the attacker the ability to execute arbitrary code on the target SMB Server or SMB client. Microsoft has marked the CVE as Critical and provided an Exploitability index of "1- Exploitation more likely". The security guidance also provides a workaround for this vulnerability.


What is the issue?

An unauthenticated attacker could send a specially crafted packet to target SMBv3 Server. To attack an SMB client, an unauthenticated attacker would need to configure a malicious SMBv3 Server and convince the client to connect to it. The specially crafted packet exploits SMBv3.1.1 compression feature.

What systems are impacted?

Windows 10 Version 1903, Windows 10 Version 1909, Windows Server Version 1903 and Windows Server Version 1909 running SMBv3 service.


What can you do to protect yourself?

Microsoft has not yet released a patch for this vulnerability and recommends a workaround which involves disabling SMBv3 compression. The steps to do this are mentioned in the workarounds section of advisory linked below,


They also recommend applying the patch as soon as the update is available.


Zscaler Coverage:

We have not seen this vulnerability being exploited in the wild. Zscaler Cloud Sandbox provides proactive coverage against exploit payloads and advanced threats like ransomware, and the Zscaler ThreatLabZ team is actively monitoring for in-the-wild exploit attempts to ensure coverage.


form submtited
Thank you for reading

Was this post useful?

Explore more Zscaler blogs

A cyber criminal shopping for malware
Agniane Stealer: Dark Web’s Crypto Threat
Read Post
Business people walking through a city
The Impact of the SEC’s New Cybersecurity Policies
Read Post
Digital cloud illuminated in blue
Security Advisory: Remote Code Execution Vulnerability (CVE-2023-3519)
Read Post
The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region
Read Post
01 / 02
dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.