CVE-2020-1206
published 2020-06-09CVE-2020-1206: An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows…
PriorityP274high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
ITWVulnCheck KEV
Exploited in the wild
EPSS
9.54%
94.8th percentile
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Information Disclosure Vulnerability'.
Affected
27 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1903_for_32-bit_systems | — | — |
| microsoft | windows_10_version_1903_for_arm64-based_systems | — | — |
| microsoft | windows_10_version_1903_for_x64-based_systems | — | — |
| microsoft | windows_10_version_1909_for_32-bit_systems | — | — |
| microsoft | windows_10_version_1909_for_arm64-based_systems | — | — |
| microsoft | windows_10_version_1909_for_x64-based_systems | — | — |
| microsoft | windows_10_version_2004_for_32-bit_systems | — | — |
| microsoft | windows_10_version_2004_for_arm64-based_systems | — | — |
| microsoft | windows_10_version_2004_for_x64-based_systems | — | — |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | — | — |
| msrc | windows_10_version_1903_for_32-bit_systems | — | — |
| msrc | windows_10_version_1903_for_arm64-based_systems | — | — |
| msrc | windows_10_version_1903_for_x64-based_systems | — | — |
| msrc | windows_10_version_1909_for_32-bit_systems | — | — |
| msrc | windows_10_version_1909_for_arm64-based_systems | — | — |
| msrc | windows_10_version_1909_for_x64-based_systems | — | — |
| msrc | windows_10_version_2004_for_32-bit_systems | — | — |
| msrc | windows_10_version_2004_for_arm64-based_systems | — | — |
| msrc | windows_10_version_2004_for_x64-based_systems | — | — |
| msrc | windows_server_version_1903 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
yara↗
rule HKTL_NET_GUID_CVE_2020_1206_POC {
meta:
description = "Detects .NET red/black-team tools via typelibguid"
reference = "https://github.com/ZecOps/CVE-2020-1206-POC"
author = "Arnim Rupp"
date = "2021-01-21"
strings:
$typelibguid0 = "3523ca04-a12d-4b40-8837-1a1d28ef96de" ascii nocase wide
$typelibguid1 = "d3a2f24a-ddc6-4548-9b3d-470e70dbcaab" ascii nocase wide
$typelibguid2 = "fb30ee05-4a35-45f7-9a0a-829aec7e47d9" ascii nocase wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}- →Exploitation can be unauthenticated against SMBv3 servers via a specially crafted packet, or against clients by luring them to connect to a malicious SMBv3 server. Detect unexpected inbound SMBv3 connections on TCP/445 from external sources. ↗
- →Check Point IPS blade signature name for this CVE can be used as a reference detection label: 'Microsoft Windows SMBv3 Client/Server Information Disclosure (CVE-2020-1206)'. ↗
- →The YARA rule targets PE files (.NET) containing any of three specific typelibguids associated with the ZecOps CVE-2020-1206 PoC tool. Hunt for these GUIDs in PE binaries on disk and in memory. ↗
- ·The workaround (disabling SMBv3 compression via registry) only protects SMBv3 servers, not SMB clients. Client-side protection requires blocking SMB traffic at the network perimeter. ↗
- ·Only Windows 10 version 1903 and later are affected; older Windows versions do not support SMBv3.1.1 compression and are not vulnerable. ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck7.5HIGH
vendor_msrc8.6HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Windows SMBv3 Client/Server Information Disclosure Vulnerability
vendor_msrc·2020-06-09·CVSS 8.6
CVE-2020-1206 [HIGH] Windows SMBv3 Client/Server Information Disclosure Vulnerability
Windows SMBv3 Client/Server Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.
To exploit the vulnerability against a server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 server. To exploit the vulnerability against a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it.
The security update addresses the vulnerability by correcting how the SMBv3 protocol handles these specially crafted requests.
FAQ: What type of in
GHSA
GHSA-29hr-xxhm-93gg: An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3
ghsa_unreviewed·2022-05-24
CVE-2020-1206 [MEDIUM] CWE-200 GHSA-29hr-xxhm-93gg: An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Information Disclosure Vulnerability'.
VulnCheck
Microsoft Windows Use of Uninitialized Resource
vulncheck·2020·CVSS 7.5
CVE-2020-1206 [HIGH] Microsoft Windows Use of Uninitialized Resource
Microsoft Windows Use of Uninitialized Resource
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Information Disclosure Vulnerability'.
Affected: Microsoft Windows
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://25491742.fs1.hubspotusercontent-eu1.net/hubfs/25491742/WAZAWAKA_TLPCLEAR_Report.pdf
No public exploits indexed.
Securelist
IT threat evolution Q2 2020. PC statistics
blogs_securelist·2020-09-03
IT threat evolution Q2 2020. PC statistics
Table of Contents
- Quarterly figures
- Financial threats
- Ransomware programs
- Miners
- Vulnerable applications used by cybercriminals during cyberattacks
- Attacks on Apple macOS
- IoT attacks
- Attacks via web resources
- Local threats
Authors
- Victor Chebyshev
- Evgeny Lopatin
- Fedor Sinitsyn
- Denis Parinov
- Oleg Kupreev
- Alexey Kulaev
- Alexander Kolesnikov
IT threat evolution Q2 2020. Review
IT threat evolution Q2 2020. Mobile statistics
These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data.
## Quarterly figures
According to Kaspersky Security Network, in Q2:
- Kaspersky solutions blocked 899,744,810 attacks launched from online resources in 191 countries across the globe.
- As many as 286,
Securelist
IT threat evolution Q2 2020. PC statistics
blogs_securelist·2020-09-03
IT threat evolution Q2 2020. PC statistics
Table of Contents
Quarterly figures
Financial threats
Financial threat statistics
Ransomware programs
Quarterly trend highlights
Number of new modifications
Number of users attacked by ransomware Trojans
Geography of attacks
Top 10 most common families of ransomware Trojans
Miners
Number of new modifications
Number of users attacked by miners
Geography of attacks
Vulnerable applications used by cybercriminals during cyberattacks
Attacks on Apple macOS
Threat geography
IoT attacks
IoT threat statistics
Threats loaded into traps
Attacks via web resources
Countries that are sources of web-based attacks: TOP 10
Countries where users faced the greatest risk of online infection
Local threats
Countries where users faced the highest risk of local infection
Authors
Victor
Checkpoint
15th June – Threat Intelligence Bulletin
blogs_checkpoint·2020-06-15
CVE-2020-1206 15th June – Threat Intelligence Bulletin
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 15th June – Threat Intelligence Bulletin
For the latest discoveries in cyber research for the week of 15th June 2020, please download our Threat Intelligence Bulletin .
Top Attacks and Breaches
Delhi-based hack-for-hire group BellTroX has allegedly targeted thousands of high-profile individuals and hundreds of organizations worldwide in a seven-year long campaign. The group used phishing kits to steal sensitive data from the victims and conduct commercial espionage on behalf of their clients.
The Japanese gami
Tenable
SMBleed (CVE-2020-1206) and SMBLost (CVE-2020-1301) Vulnerabilities Affect Microsoft SMBv3 and SMBv1
blogs_tenable·2020-06-10·CVSS 7.5
[HIGH] SMBleed (CVE-2020-1206) and SMBLost (CVE-2020-1301) Vulnerabilities Affect Microsoft SMBv3 and SMBv1
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Trendmicro
Patch Tuesday: Fixes for LNK, SMB, and SharePoint Bugs
blogs_trendmicro·2020-06-10·CVSS 8.8
[HIGH] Patch Tuesday: Fixes for LNK, SMB, and SharePoint Bugs
Exploits & Vulnerabilities
# Patch Tuesday: Fixes for LNK, SMB, and SharePoint Bugs
This month’s Patch Tuesday had the highest number of entries so far in 2020 — a whopping 129, a continuation of the trend seen from the previous months. The update includes fixes for LNK, SMB, SharePoint, and Win32k vulnerabilities.
By: Trend Micro
2020/06/10
Read time: ( words)
Save to Folio
This month’s Patch Tuesday had the highest number of entries so far in 2020 — a whopping 129, a continuation of the trend seen from the previous months. The update includes fixes for LNK, SMB, SharePoint, and Win32k vulnerabilities.
While the update contained a significant number of patches, only 11 were rated Critical. One of the patches addresses yet another LNK-related vulnerability, CVE-2020-1299, which atta
Tenable
Microsoft’s June 2020 Patch Tuesday Addresses 129 CVEs Including Newly Disclosed SMBv3 Vulnerability (CVE-2020-1206)
blogs_tenable·2020-06-09·CVSS 7.5
[HIGH] Microsoft’s June 2020 Patch Tuesday Addresses 129 CVEs Including Newly Disclosed SMBv3 Vulnerability (CVE-2020-1206)
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Zscaler
Zscaler found New Security Vulnerabilities | 10-06-2020
blogs_zscaler·CVSS 7.5
[HIGH] Zscaler found New Security Vulnerabilities | 10-06-2020
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
http://packetstormsecurity.com/files/158053/SMBleed-Uninitialized-Kernel-Memory-Read-Proof-Of-Concept.htmlhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1206http://packetstormsecurity.com/files/158053/SMBleed-Uninitialized-Kernel-Memory-Read-Proof-Of-Concept.htmlhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1206
2020-06-09
Published
Exploited in the wild