CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2020-0796

CVSS 10.0v3.1pub. 2020-03-12upd. 2025-10-29

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Microsoft Windows 10 1903

    OS
    Microsoft
    wszystkie wersje
  • Microsoft Windows 10 1909

    OS
    Microsoft
    wszystkie wersje
  • Microsoft Windows Server 1903

    OS
    Microsoft
    wszystkie wersje
  • Microsoft Windows Server 1909

    OS
    Microsoft
    wszystkie wersje

CISA KEV — detailsi

Vendori
Microsoft
Producti
SMBv3
Added to KEVi
February 10, 2022
Remediation deadline (US Federal)i
August 10, 2022(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 10 sierpnia 2022
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2020-0646CRITICAL9.8⚠ KEVten sam produkt

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properl...

CVE-2022-26923HIGH8.8⚠ KEVten sam produkt

Active Directory Domain Services Elevation of Privilege Vulnerability

CVE-2022-26925HIGH8.1⚠ KEVten sam produkt

Windows LSA Spoofing Vulnerability

CVE-2022-24521HIGH7.8⚠ KEVten sam produkt

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2022-26904HIGH7.0⚠ KEVten sam produkt

Windows User Profile Service Elevation of Privilege Vulnerability