Unpatched Microsoft Systems Vulnerable to CVE-2020-0796

["US-CERT" <US-CERT () mil govdelivery com>]

Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:



Unpatched Microsoft Systems Vulnerable to CVE-2020-0796 [ 
https://www.us-cert.gov/ncas/current-activity/2020/06/05/unpatched-microsoft-systems-vulnerable-cve-2020-0796 ] 
06/05/2020 03:09 PM EDT 
Original release date: June 5, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of publicly available and functional 
proof-of-concept (PoC) code that exploits CVE-2020-0796 in unpatched systems. Although Microsoft disclosed and provided 
updates for this vulnerability in March 2020, malicious cyber actors are targeting unpatched systems with the new PoC, 
according to recent open-source reports. CISA strongly recommends using a firewall to block SMB ports from the internet 
and to apply patches to critical- and high-severity vulnerabilities as soon as possible. 

CISA also encourages users and administrators to review the following resources and apply the necessary updates or 
workarounds.


  * Microsoft Security Guidance for CVE-2020-0796 [ 
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796 ] 
  * Microsoft Advisory ADV200005 [ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200005 ] 
  * CERT Coordination Centers Vulnerability Note VU#872016 [ https://www.kb.cert.org/vuls/id/872016/ ] 

This product is provided subject to this Notification [ https://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ https://www.dhs.gov/privacy-policy ] policy.

body { font-size: 1em; font-family: Arial, Verdana, sans-serif; font-weight: normal; font-style: normal; color: 
#333333; } ________________________________________________________________________

A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have 
questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a 
notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () 
ncas us-cert gov to your address book. 

OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ 
http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ 
http://www.us-cert.gov/related-resources ]  

STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]