PT-2020-2747 · Microsoft · Smbv3+1

Michael Maltsev · Published 2020-06-09 · Updated 2025-07-15 · CVE-2020-1206

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Microsoft Windows versions prior to the fixed version

Description

The issue is related to errors in handling objects in memory in the Microsoft Server Message Block 3.1.1 (SMBv3) protocol. This can allow a remote attacker to gain unauthorized access to protected information. An information disclosure vulnerability exists in the way the SMBv3 protocol handles certain requests. Combining this vulnerability with the "wormable" SMBGhost flaw can lead to remote code execution (RCE) attacks. The vulnerability results in a kernel memory leak in Microsoft Windows OS.

Recommendations

For Microsoft Windows versions prior to the fixed version, consider disabling the SMBv3 protocol until a patch is available. Restrict access to the SMBv3 protocol to minimize the risk of exploitation. Avoid using the SMBv3 protocol for sensitive information exchange until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Use of Uninitialized Resource

Weakness Enumeration

Related Identifiers

BDU:2020-02831
CVE-2020-1206

Affected Products

Windows
Smbv3