One of the flaws Microsoft addressed on Tuesday, as part of its June 2020 Patch Tuesday updates, is a Server Message Block (SMB) protocol bug that could let a remote attacker leak kernel memory without authentication.

Dubbed SMBleed and tracked as CVE-2020-1206, the flaw could be chained with SMBGhost (CVE-2020-0796), a vulnerability disclosed in March 2020, to achieve pre-authentication remote code execution, security researchers at ZecOps said.

SMBleed resides in the compression mechanism of SMBv3.1.1 and affects the way the protocol handles certain requests. Microsoft addressed the bug by correcting how those requests are handled.

“To exploit the vulnerability against a server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 server. To exploit the vulnerability against a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it,” Microsoft notes in an advisory.

SMBleed impacts Windows 10 and Windows Server, versions 1903, 1909 and 2004 (but not previous versions).

While no mitigating factors have been identified, Microsoft has published workarounds that may help protect against exploitation, such as disabling SMBv3 compression. The company nonetheless recommends installing the available patches.
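As an added example (not from the article and not ZecOps' or Microsoft's own code), a PowerShell audit that reports whether a host runs one of the affected Windows versions and whether Microsoft's documented SMBv3 compression workaround is in place; the build-number mapping (18362/18363/19041 for 1903/1909/2004) and the function name are my own additions.

```powershell
# Added example: audit a Windows host for the SMBleed/SMBGhost mitigation state.
# The registry value below is the one Microsoft documents for disabling SMBv3 compression.
function Get-SmbCompressionMitigationStatus {
    [CmdletBinding()]
    param(
        # Apply the workaround (DisableCompression = 1) instead of only reporting.
        [switch]$Apply
    )

    # Affected releases per the article (1903, 1909, 2004) mapped to their build numbers.
    $affectedBuilds = @{ 18362 = '1903'; 18363 = '1909'; 19041 = '2004' }
    $build = [int](Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').CurrentBuildNumber
    $isAffected = $affectedBuilds.ContainsKey($build)

    $params  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $current = (Get-ItemProperty -Path $params -Name DisableCompression -ErrorAction SilentlyContinue).DisableCompression
    $mitigated = ($current -eq 1)

    if ($Apply -and $isAffected -and -not $mitigated) {
        Set-ItemProperty -Path $params -Name DisableCompression -Type DWORD -Value 1 -Force
        $mitigated = $true
    }

    # Caveat from Microsoft's advisory: the workaround protects the SMB server side only;
    # SMB clients remain exposed until the update is installed.
    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        Build               = $build
        ReleaseId           = if ($isAffected) { $affectedBuilds[$build] } else { 'n/a' }
        AffectedVersion     = $isAffected
        CompressionDisabled = $mitigated
        Recommendation      = if (-not $isAffected) { 'Build not in affected range' }
                              elseif ($mitigated) { 'Workaround applied; still install the June 2020 update' }
                              else { 'Install the June 2020 update, or re-run with -Apply as an interim step' }
    }
}

Get-SmbCompressionMitigationStatus
```

Run from an elevated PowerShell session, since reading the build is unprivileged but writing the LanmanServer parameters is not.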

ZecOps’ researchers, who discovered both SMBGhost and SMBleed, have already published proof-of-concept (POC) code for exploiting the newly disclosed bug, but noted that credentials and a writable share are required for the POC to work.

Nevertheless, they also note that the vulnerability can be exploited without authentication, and that they chained it with the SMBGhost bug to achieve remote code execution (RCE). They released a POC for this scenario as well, and plan to publish technical details shortly.
