Unpatched Microsoft Systems Vulnerable to CVE-2020-0796

Post published:June 5, 2020

Original release date: June 5, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of publicly available and functional proof-of-concept (PoC) code that exploits CVE-2020-0796 in unpatched systems. Although Microsoft disclosed and provided updates for this vulnerability in March 2020, malicious cyber actors are targeting unpatched systems with the new PoC, according to recent open-source reports. CISA strongly recommends using a firewall to block SMB ports from the internet and to apply patches to critical- and high-severity vulnerabilities as soon as possible.

CISA also encourages users and administrators to review the following resources and apply the necessary updates or workarounds.

Microsoft Security Guidance for CVE-2020-0796
Microsoft Advisory ADV200005
CERT Coordination Center’s Vulnerability Note VU#872016

This product is provided subject to this Notification and this Privacy & Use policy.

You Might Also Like

Cisco Releases Security Updates for Multiple Products

Guidance: Framing Software Component Transparency: Establishing a Common Software Bill of Materials (SBOM)

#StopRansomware – Ransomware Attacks on Critical Infrastructure Fund DPRK Espionage Activities

Cisco Releases Security Updates for Multiple Products  