SMBleed: A New Critical Vulnerability Affects Windows SMB Protocol

Cybersecurity researchers uncovered a new critical vulnerability affecting the Server Message Block (SMB) protocol that could allow attackers to leak kernel memory remotely, and when combined with a previously disclosed “wormable” bug, the flaw can be exploited to achieve remote code execution attacks.

Dubbed “SMBleed” (CVE-2020-1206) by cybersecurity firm ZecOps, the flaw resides in SMB’s decompression function — the same function as with SMBGhost or EternalDarkness bug (CVE-2020-0796), which came to light three months ago, potentially opening vulnerable Windows systems to malware attacks that can propagate across networks.

The newly discovered vulnerability impacts Windows 10 versions 1903 and 1909, for which Microsoft today released security patches as part of its monthly Patch Tuesday updates for June.

The development comes as the US Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory last week warning Windows 10 users to update their machines after exploit code for SMBGhost bug was published online last week.

SMBGhost was deemed so serious that it received a maximum severity rating score of 10.

Read more: The Hacker News

Latest Articles

8 best practices to prevent SQL injection attacks

SQL injection is one of the most dangerous vulnerabilities for online applications. It occurs when a user adds untrusted data to a database query. For instance, when filling in a web form. If SQL injection is possible, smart attackers can create user input to steal valuable data, bypass authentication, or corrupt the records in your […]

Ganesh The Awesome Senior Pre & Post-Sales Engineer at GlobalDots
30th June, 2023
Keep the Capabilities, Lose the Vulnerabilities: Snyk’s Open Source Security Solution

Open source code is only as safe & reliable as your ability to scan it. Dependencies don’t only jam production – they might also pose real security risks. This is what makes an automated Open Source Security solution so vital to your cloud security stack. In this demo, our solution architect Steven Puddephatt will walk […]

Ganesh The Awesome Senior Pre & Post-Sales Engineer at GlobalDots
13th January, 2022
Demo: Inside Snyk’s Open Source Security

Open source code is only as safe & reliable as your ability to scan it. Dependencies don’t only jam production – they might also pose real security risks. This is what makes an automated Open Source Security solution so vital to your cloud security stack. In this demo, our solution architect Steven Puddephatt will walk […]

Ganesh The Awesome Senior Pre & Post-Sales Engineer at GlobalDots
11th October, 2021
Report: State of CNAS, Q2 2021

As companies embrace cloud native technologies as part of their digital transformation, security becomes key to delivering software products faster and error-free. This latest survey by Snyk: Evaluates the latest cloud-native development trends. Demonstrates how Cloud Native App Security (CNAS) fits into CI/CD. Reveals what still keeps some companies from moving to cloud-native platforms.  Fill […]

Ganesh The Awesome Senior Pre & Post-Sales Engineer at GlobalDots
16th June, 2021

Unlock Your Cloud Potential

Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.

    GlobalDots' industry expertise proactively addressed structural inefficiencies that would have otherwise hindered our success. Their laser focus is why I would recommend them as a partner to other companies

    Marco Kaiser
    Marco Kaiser

    CTO

    Legal Services

    GlobalDots has helped us to scale up our innovative capabilities, and in significantly improving our service provided to our clients

    Antonio Ostuni
    Antonio Ostuni

    CIO

    IT Services

    It's common for 3rd parties to work with a limited number of vendors - GlobalDots and its multi-vendor approach is different. Thanks to GlobalDots vendors umbrella, the hybrid-cloud migration was exceedingly smooth

    Motti Shpirer
    Motti Shpirer

    VP of Infrastructure & Technology

    Advertising Services