{"id":11184,"date":"2020-03-16T14:07:22","date_gmt":"2020-03-16T06:07:22","guid":{"rendered":"https:\/\/www.kaspersky.com.cn\/blog\/?p=11184"},"modified":"2020-11-09T17:59:03","modified_gmt":"2020-11-09T09:59:03","slug":"smb-311-vulnerability","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.cn\/blog\/smb-311-vulnerability\/11184\/","title":{"rendered":"CVE-2020-0796\uff1aSMB\u901a\u4fe1\u534f\u8bae\u65b0\u6f0f\u6d1e"},"content":{"rendered":"<p><strong>3\u670812\u65e5\u66f4\u65b0<\/strong><\/p>\n<p>\u636e\u6700\u65b0\u62a5\u9053\uff0cWindows 10\u548cWindows Server\u64cd\u4f5c\u7cfb\u7edf\u5b58\u5728<a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/adv200005\" target=\"_blank\" rel=\"noopener nofollow\">CVE-2020-0796 RCE\u6f0f\u6d1e<\/a>\uff0c\u8be5\u6f0f\u6d1e\u5f71\u54cd\u5230\u5fae\u8f6fMicrosoft Server Message Block 3.1.1 (SMBv3)\u901a\u4fe1\u534f\u8bae\u3002\u6839\u636e\u5fae\u8f6f\u7684\u8bf4\u6cd5\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6b64\u6f0f\u6d1e\u5728SMB\u670d\u52a1\u5668\u6216SMB\u5ba2\u6237\u7aef\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u653b\u51fb\u8005\u53ea\u8981\u53d1\u9001\u7cbe\u5fc3\u6784\u9020\u7684\u6570\u636e\u5305\u5c31\u80fd\u653b\u51fb\u670d\u52a1\u5668\u3002\u800c\u8981\u60f3\u653b\u51fb\u5ba2\u6237\u7aef\uff0c\u653b\u51fb\u8005\u5219\u987b\u5148\u914d\u7f6e\u4e00\u4e2a\u6076\u610f\u7684SMBv3\u670d\u52a1\u5668\uff0c\u5e76\u8ba9\u7528\u6237\u8fde\u63a5\u5230\u5b83\u3002<\/p>\n<p>\u7f51\u7edc\u5b89\u5168\u4e13\u5bb6\u8ba4\u4e3a\uff0c\u8be5\u6f0f\u6d1e\u53ef\u88ab\u7528\u4e8e\u542f\u52a8\u7c7b\u4f3cWannaCry\u7684\u8815\u866b\u75c5\u6bd2\u3002\u5fae\u8f6f\u8868\u793a\u8be5\u6f0f\u6d1e\u975e\u5e38\u4e25\u91cd\uff0c\u5fc5\u987b\u5c3d\u5feb\u5173\u95ed\u3002<\/p>\n<h2>\u54ea\u4e9b\u7528\u6237\u5c06\u9762\u4e34\u5371\u9669\uff1f<\/h2>\n<p>SMB\u662f\u4e00\u79cd\u7528\u4e8e\u8fdc\u7a0b\u8bbf\u95ee\u6587\u4ef6\u3001\u6253\u5370\u673a\u548c\u5176\u4ed6\u7f51\u7edc\u8d44\u6e90\u7684\u7f51\u7edc\u534f\u8bae\u3002\u5fae\u8f6fWindows\u7f51\u7edc\u548c\u6587\u4ef6\u53ca\u6253\u5370\u673a\u7684\u5171\u4eab\u529f\u80fd\u90fd\u4f7f\u7528\u4e86\u8be5\u534f\u8bae\u3002\u5982\u679c\u60a8\u7684\u516c\u53f8\u6b63\u5728\u4f7f\u7528\u8fd9\u4e9b\u529f\u80fd\uff0c\u8bf7\u683c\u5916\u6ce8\u610f\u3002<\/p>\n<p>Microsoft Server Message Block 3.1.1\u662f\u4e00\u4e2a\u76f8\u5bf9\u8f83\u65b0\u7684\u534f\u8bae\uff0c\u53ea\u5728\u65b0\u7684\u64cd\u4f5c\u7cfb\u7edf\u4e2d\u4f7f\u7528:<\/p>\n<ul>\n<li>Windows 10 \u7248\u672c1903 32\u4f4d\u7cfb\u7edf<\/li>\n<li>Windows 10 \u7248\u672c1903 ARM64\u7cfb\u7edf<\/li>\n<li>Windows 10 \u7248\u672c1903 64\u4f4d\u7cfb\u7edf<\/li>\n<li>Windows 10 \u7248\u672c1909 32\u4f4d\u7cfb\u7edf<\/li>\n<li>Windows 10 \u7248\u672c1909 ARM64\u7cfb\u7edf<\/li>\n<li>Windows 10 \u7248\u672c1909 64\u4f4d\u7cfb\u7edf<\/li>\n<li>Windows Server \u7248\u672c1903 (Server Core installation)<\/li>\n<li>Windows Server \u7248\u672c1909 (Server Core installation)<\/li>\n<\/ul>\n<p>Windows 7, 8, 8.1 \u4ee5\u53ca\u66f4\u53e4\u8001\u7684\u7248\u672c\u4e0d\u4f1a\u53d7\u5230\u8fd9\u4e2a\u6f0f\u6d1e\u7684\u5f71\u54cd\u3002\u7136\u800c\uff0c\u5927\u591a\u6570\u6bd4\u8f83\u65b0\u7684\u7535\u8111\u4f1a\u81ea\u52a8\u5b89\u88c5Windows 10\u63a8\u9001\u7684\u66f4\u65b0\uff0c\u56e0\u6b64\u4ecd\u7136\u6709\u5927\u91cf\u5bb6\u7528\u53ca\u4f01\u4e1a\u7684\u7535\u8111\u4f1a\u53d7\u5230\u5f71\u54cd\u6216\u88ab\u653b\u51fb\u3002<\/p>\n<h2><strong>\u662f\u5426\u6709\u653b\u51fb\u8005\u5df2\u7ecf\u5728\u5229\u7528\u6f0f\u6d1e<\/strong><strong>CVE-2020-0796<\/strong><strong>\uff1f<\/strong><\/h2>\n<p>\u5fae\u8f6f\u8868\u793a\uff0c\u6f0f\u6d1eCVE-2020-0796\u6682\u65f6\u8fd8\u672a\u88ab\u5229\u7528\uff0c\u81f3\u5c11\u76ee\u524d\u8fd8\u672a\u53d1\u73b0\u76f8\u5173\u7684\u653b\u51fb\u3002\u4f46\u95ee\u9898\u5728\u4e8e\uff0c\u73b0\u5728\u6ca1\u6709\u53ef\u7528\u4e8e\u4fee\u590d\u8be5\u6f0f\u6d1e\u7684\u8865\u4e01\u66f4\u65b0\u3002\u540c\u65f6\uff0c\u4e0eCVE-2020-0796\u76f8\u5173\u7684\u4fe1\u606f\u81ea3\u670810\u65e5\u8d77\u5728\u516c\u5171\u9886\u57df\u4f20\u64ad\u3002\u5373\u4f7f\u73b0\u5728\u4ecd\u672a\u6709\u5229\u7528\u8be5\u6f0f\u6d1e\u7684\u653b\u51fb\uff0c\u4e5f\u4e0d\u5e94\u6389\u4ee5\u8f7b\u5fc3\uff0c\u5b83\u968f\u65f6\u53ef\u80fd\u5728\u4e0b\u4e00\u79d2\u53d1\u751f\u3002<\/p>\n<h2>\u7528\u6237\u8be5\u600e\u4e48\u505a\uff1f<\/h2>\n<p><strong>3\u670812\u65e5\u66f4\u65b0\uff1a<\/strong>\u5fae\u8f6f\u5df2\u7ecf\u9488\u5bf9\u8be5\u6f0f\u6d1e\u53d1\u5e03\u4e86\u5b89\u5168\u66f4\u65b0\uff0c\u8bf7<a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2020-0796\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-linktype=\"2\">\u70b9\u51fb\u6b64\u5904\u4e0b\u8f7d<\/a>\u3002<\/p>\n<p>\u7531\u4e8e\u6682\u65f6\u6ca1\u6709\u53ef\u7528\u7684\u8865\u4e01\uff0c\u7528\u6237\u5fc5\u987b\u624b\u52a8\u5173\u95ed\u8be5\u6f0f\u6d1e\u3002\u5fae\u8f6f\u63d0\u4f9b\u4e86\u5982\u4e0b\u6307\u5357\u6307\u5f15\u7528\u6237\u963b\u65ad\u8be5\u6f0f\u6d1e\u88ab\u5229\u7528\u7684\u53ef\u80fd\u3002<\/p>\n<h3>SMB\u670d\u52a1\u5668\uff1a<\/h3>\n<ul>\n<li>\u901a\u8fc7PowerShell \u6307\u4ee4\u963b\u6b62\u8be5\u6f0f\u6d1e\u88ab\u5229\u7528\uff1a<\/li>\n<\/ul>\n<p><strong>Set-ItemProperty -Path \u201cHKLM:\\SYSTEM\\CurrentControlSet\\Services\\LanmanServer\\Parameters\u201d DisableCompression -Type DWORD -Value 1 \u2013Force<\/strong><\/p>\n<h3>SMB\u5ba2\u6237\u7aef\uff1a<\/h3>\n<ul>\n<li>\u4e0e\u5e94\u5bf9WannaCry\u7684\u65b9\u6cd5\u4e00\u6837\uff0c\u5fae\u8f6f\u5efa\u8bae\u4f01\u4e1a\u8fb9\u754c\u9632\u706b\u5899\u5173\u95edTCP\u7aef\u53e3445\u3002<\/li>\n<\/ul>\n<p>\u53e6\u5916\uff0c\u8bf7\u786e\u4fdd\u4f7f\u7528\u53ef\u9760\u7684\u5b89\u5168\u89e3\u51b3\u65b9\u6848\uff0c\u5982<a href=\"https:\/\/www.kaspersky.com.cn\/small-to-medium-business-security?icid=cn_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">\u5361\u5df4\u65af\u57fa\u7aef\u70b9\u5b89\u5168\u4f01\u4e1a\u7248<\/a>\u3002\u9664\u4e86\u5e38\u89c4\u529f\u80fd\u9632\u4e4b\u5916\uff0c\u5b83\u8fd8\u5305\u542b\u4e86\u4e00\u4e2a\u6f0f\u6d1e\u9884\u9632\u5b50\u7cfb\u7edf\u6765\u4fdd\u62a4\u7ec8\u7aef\uff0c\u751a\u81f3\u80fd\u907f\u514d\u672a\u77e5\u7684\u6f0f\u6d1e\u88ab\u5229\u7528\u3002<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb-cn\">\n","protected":false},"excerpt":{"rendered":"<p>\u5fae\u8f6f\u53d1\u5e03\u7f51\u7edc\u534f\u8baeSMB 3.1.1\u4e25\u91cd\u6f0f\u6d1eCVE-2020-0796\u7684\u4fee\u590d\u8865\u4e01<\/p>\n","protected":false},"author":700,"featured_media":11193,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1845,1506,1450],"tags":[2045,1427,73,44],"class_list":{"0":"post-11184","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-1845","8":"category-threats","9":"category-news","10":"tag-smb","11":"tag-wannacry","12":"tag-73","13":"tag-44"},"hreflang":[{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/smb-311-vulnerability\/11184\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/smb-311-vulnerability\/19519\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/smb-311-vulnerability\/16096\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/smb-311-vulnerability\/8038\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/smb-311-vulnerability\/21128\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/smb-311-vulnerability\/19390\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/smb-311-vulnerability\/17873\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/smb-311-vulnerability\/22070\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/smb-311-vulnerability\/20809\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/smb-311-vulnerability\/27594\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/smb-311-vulnerability\/7903\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/smb-311-vulnerability\/33991\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/smb-311-vulnerability\/14461\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/smb-311-vulnerability\/14532\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/smb-311-vulnerability\/13158\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/smb-311-vulnerability\/23259\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/smb-311-vulnerability\/27846\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/smb-311-vulnerability\/25095\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/smb-311-vulnerability\/21803\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/smb-311-vulnerability\/27009\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/smb-311-vulnerability\/26848\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.cn\/blog\/tag\/%e6%bc%8f%e6%b4%9e\/","name":"\u6f0f\u6d1e"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/posts\/11184","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/users\/700"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/comments?post=11184"}],"version-history":[{"count":10,"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/posts\/11184\/revisions"}],"predecessor-version":[{"id":12174,"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/posts\/11184\/revisions\/12174"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/media\/11193"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/media?parent=11184"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/categories?post=11184"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/tags?post=11184"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}