On June 10, 2020 (Beijing time), Microsoft released the security update for June 2020, including patches for 129 vulnerabilities. This update covers multiple components and software including Microsoft Windows, Internet Explorer (IE), Office, Microsoft Edge, Windows Defender, etc. 11 of the 128 Common Vulnerabilities and Exposures were officially marked as Critical by Microsoft, and 118 of them were marked as "Important".

In addition, the June security patches cover 23 remote code execution vulnerabilities, 5 denial-of-service vulnerabilities, 70 privilege escalation vulnerabilities, and 11 information disclosure vulnerabilities. Overall, the security patches basically solve the vulnerabilities or bugs discovered in Windows this month. Among them, a PoC for the following vulnerability has been made public and has had a wide impact. It is recommended to fix it promptly.

About Vulnerability
CVE-2020-1301, Microsoft Windows SMB Server Remote Code Execution Vulnerability

The vulnerability is located in the SMBv1 driver; SMBv2 and SMBv3 are not affected. The trigger point is that the SMBv1 driver does not fully verify the SI_COPYFILE structure when processing the FSCTL_SIS_COPYFILE request defined in the MS-FSCC protocol, resulting in an integer overflow. Exploiting this vulnerability requires passing SMB protocol authentication, which increases the difficulty. However, SMBv1 is deployed in all versions from Windows 7 to Windows 10, so the vulnerability has a wide range of impact. Attackers who successfully exploit this vulnerability can execute arbitrary code on the target host.

Reference
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1301

Timeline
June 9, 2020 Microsoft released a security bulletin on its website.
June 10, 2020 Sangfor FarSight Labs released a vulnerability warning article.

1. Mitigation measures:
1) Use strong passwords for SMB protocol authentication to resist brute-force attacks.

2) Turn off SMBv1, which has many security issues, if it is not needed. Use SMBv2 or a later protocol version instead. For how to turn off SMBv1 on each Windows version, refer to the solution officially recommended by Microsoft:

https://docs.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3
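
As an added example (not part of the original advisory), the following PowerShell script reports whether the SMBv1 server is enabled on the local host and, when run elevated with the hypothetical -Disable switch, turns it off. It assumes the SMB cmdlets on Windows 8 / Server 2012 and later, and the LanmanServer registry value on Windows 7 / Server 2008 R2.

```powershell
# Added example: report and optionally disable the SMBv1 server component.
# -Disable is a switch defined by this example; without it the script only reports.
param([switch]$Disable)

$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

# Windows 8 / Server 2012 and later ship Get/Set-SmbServerConfiguration.
$hasSmbCmdlets = [bool](Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue)

function Get-Smb1ServerEnabled {
    if ($hasSmbCmdlets) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Windows 7 / Server 2008 R2: a missing SMB1 value means the default (enabled).
    $v = (Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return ($null -eq $v) -or ($v -ne 0)
}

$before = Get-Smb1ServerEnabled
Write-Output "SMBv1 server enabled: $before"

if ($Disable -and $before) {
    if ($hasSmbCmdlets) {
        # Takes effect without a restart.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        # Older systems: set the registry value, then restart the host.
        Set-ItemProperty -Path $regPath -Name SMB1 -Type DWord -Value 0 -Force
        Write-Output 'Registry updated; restart the host for the change to take effect.'
    }
    Write-Output "SMBv1 server enabled after change: $(Get-Smb1ServerEnabled)"
}

# SMBv2/SMBv3 must remain enabled, since they replace SMBv1.
if ($hasSmbCmdlets) {
    $smb2 = (Get-SmbServerConfiguration).EnableSMB2Protocol
    Write-Output "SMBv2/SMBv3 server enabled: $smb2"
}
```

Run it once without -Disable to record the current state, and confirm that no remaining clients depend on SMBv1 before disabling it.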

2. Official patch:
Microsoft has officially updated the security patches of the affected software. Users can download and install the corresponding security patches according to different systems. Links:

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1301
