{"id":7903,"date":"2020-03-17T11:39:55","date_gmt":"2020-03-17T08:39:55","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=7903"},"modified":"2020-03-17T11:39:55","modified_gmt":"2020-03-17T08:39:55","slug":"smb-311-vulnerability","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/smb-311-vulnerability\/7903\/","title":{"rendered":"CVE-2020-0796: SMB protokol\u00fcndeki yeni g\u00fcvenlik a\u00e7\u0131\u011f\u0131"},"content":{"rendered":"<p><strong>12 Mart\u2019ta G\u00fcncellenmi\u015ftir<\/strong><\/p>\n<p>Windows 10 ve Windows Server i\u015fletim sistemlerindeki Microsoft Sunucu \u0130leti Blo\u011fu 3.1.1 (SMBv3) protokol\u00fcn\u00fc etkileyen <a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/adv200005\" target=\"_blank\" rel=\"noopener nofollow\">CVE-2020-0796 RCE g\u00fcvenlik a\u00e7\u0131\u011f\u0131yla ilgili<\/a> yeni haberler ortaya \u00e7\u0131kt\u0131. Microsoft\u2019a g\u00f6re, bir sald\u0131rgan SMB sunucusunun veya SMB istemcisinin yan\u0131nda rasgele kod y\u00fcr\u00fctmek i\u00e7in bu g\u00fcvenlik a\u00e7\u0131\u011f\u0131ndan yararlanabilir. Sunucuya sald\u0131rmak i\u00e7in \u00f6zel olarak olu\u015fturulmu\u015f bir paket g\u00f6ndermek m\u00fcmk\u00fcn. \u0130stemciye gelince, sald\u0131rganlar\u0131n k\u00f6t\u00fc niyetli bir SMBv3 sunucusu yap\u0131land\u0131rmas\u0131 ve kullan\u0131c\u0131y\u0131 bu sunucuya ba\u011flanmaya ikna etmesi gerekiyor.<\/p>\n<p>Siber g\u00fcvenlik uzmanlar\u0131, g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131n WannaCry benzeri bir solucan ba\u015flatmak i\u00e7in kullan\u0131labilece\u011fini d\u00fc\u015f\u00fcn\u00fcyor. Microsoft bu g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131 kritik olarak adland\u0131rd\u0131\u011f\u0131 i\u00e7in en k\u0131sa s\u00fcrede kapatman\u0131z gerekiyor.<\/p>\n<h2>Kimler tehlikede?<\/h2>\n<p>SMB, dosyalara, yaz\u0131c\u0131lara ve di\u011fer a\u011f kaynaklar\u0131na uzaktan eri\u015fim i\u00e7in kullan\u0131lan bir a\u011f protokol\u00fcd\u00fcr. Microsoft Windows A\u011f\u0131\u2019n\u0131n yan\u0131 s\u0131ra Dosya ve Yaz\u0131c\u0131 Payla\u015f\u0131m\u0131 \u00f6zelliklerini uygulamak i\u00e7in kullan\u0131l\u0131r. \u015eirketiniz bu i\u015flevleri kullan\u0131yorsa, endi\u015felenmeniz i\u00e7in bir nedeniniz var.<\/p>\n<p>Microsoft Server Message Block 3.1.1 ise yaln\u0131zca yeni i\u015fletim sistemlerinde kullan\u0131lan nispeten yeni bir protokold\u00fcr:<\/p>\n<ul>\n<li>32-bit sistemler i\u00e7in Windows 10 S\u00fcr\u00fcm 1903<\/li>\n<li>ARM64 Tabanl\u0131 Sistemler i\u00e7in Windows 10 S\u00fcr\u00fcm 1903<\/li>\n<li>X64 Tabanl\u0131 Sistemler i\u00e7in Windows 10 S\u00fcr\u00fcm 1903<\/li>\n<li>32-bit sistemler i\u00e7in Windows 10 S\u00fcr\u00fcm 1909<\/li>\n<li>ARM64 Tabanl\u0131 Sistemler i\u00e7in Windows 10 S\u00fcr\u00fcm 1909<\/li>\n<li>X64 Tabanl\u0131 Sistemler i\u00e7in Windows 10 S\u00fcr\u00fcm 1909<\/li>\n<li>Windows Server, s\u00fcr\u00fcm 1903 (Sunucu \u00c7ekirde\u011fi y\u00fcklemesi)<\/li>\n<li>Windows Server, s\u00fcr\u00fcm 1909 (Sunucu \u00c7ekirde\u011fi y\u00fcklemesi)<\/li>\n<\/ul>\n<p>G\u00fcvenlik a\u00e7\u0131\u011f\u0131 Windows 7, 8, 8.1 veya daha eski s\u00fcr\u00fcmleri etkilemiyor. Ancak, otomatik olarak g\u00fcncelle\u015ftirmeleri y\u00fckleyen modern bilgisayarlar\u0131n \u00e7o\u011fu Windows 10 \u00e7al\u0131\u015ft\u0131r\u0131yor, bu nedenle hem ev hem de kurumsal bir\u00e7ok bilgisayar\u0131n savunmas\u0131z olmas\u0131 muhtemel.<\/p>\n<h2>Sald\u0131rganlar CVE-2020-0796\u2019y\u0131 k\u00f6t\u00fcye kullan\u0131yor mu?<\/h2>\n<p>Microsoft\u2019a g\u00f6re, CVE-2020-0796 g\u00fcvenlik a\u00e7\u0131\u011f\u0131 hen\u00fcz herhangi bir sald\u0131r\u0131 i\u00e7in kullan\u0131lmad\u0131; en az\u0131ndan hi\u00e7 kimse bu t\u00fcr bir sald\u0131r\u0131yla kar\u015f\u0131la\u015fmad\u0131. Bu arada, g\u00fcvenlik a\u00e7\u0131\u011f\u0131yla ilgili bilgiler 10 Mart\u2019tan itibaren kamuya a\u00e7\u0131ld\u0131; bu nedenle hen\u00fcz g\u00f6r\u00fclmediyse bile her an bunlar\u0131n k\u00f6t\u00fcye kullan\u0131m\u0131yla kar\u015f\u0131la\u015fabiliriz.<\/p>\n<h2>Ne yapmal\u0131s\u0131n?<\/h2>\n<p>Microsoft, bu g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131 gideren bir g\u00fcvenlik g\u00fcncellemesi yay\u0131mlad\u0131 ve bu g\u00fcncellemenin en k\u0131sa s\u00fcrede y\u00fcklenmesini \u00f6neriyor. G\u00fcncellemeyi <a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2020-0796\" target=\"_blank\" rel=\"noopener nofollow\">buradan indirebilirsiniz<\/a>.<\/p>\n<p>Bu g\u00fcncelleme yay\u0131mlanmadan \u00f6nce Microsoft birka\u00e7 ge\u00e7ici \u00e7\u00f6z\u00fcm \u00f6nerdi. Microsoft, bu g\u00fcvenlik a\u00e7\u0131\u011f\u0131ndan yararlan\u0131lmas\u0131n\u0131 engellemek i\u00e7in a\u015fa\u011f\u0131dakileri sunuyor.<\/p>\n<h2>SMB sunucular\u0131 i\u00e7in:<\/h2>\n<ul>\n<li>Bir PowerShell komutu kullanarak g\u00fcvenlik a\u00e7\u0131\u011f\u0131ndan yararlan\u0131lmas\u0131n\u0131 engelleyebilirsiniz:<\/li>\n<\/ul>\n<p><strong>Set-ItemProperty -Path \u201cHKLM:\\SYSTEM\\CurrentControlSet\\Services\\LanmanServer\\Parameters\u201d DisableCompression -Type DWORD -Value 1 \u2013Force<\/strong><\/p>\n<h2>SMB m\u00fc\u015fterileri i\u00e7in:<\/h2>\n<ul>\n<li>WannaCry\u2019da oldu\u011fu gibi Microsoft, kurumsal \u00e7evre g\u00fcvenlik duvar\u0131nda 445 numaral\u0131 TCP ba\u011flant\u0131 noktas\u0131n\u0131 engellemeyi \u00f6neriyor.<\/li>\n<\/ul>\n<p>Ayr\u0131ca, <a href=\"https:\/\/kas.pr\/kdkesbtr\" target=\"_blank\" rel=\"noopener\">Kaspersky Endpoint Business for Security<\/a> gibi g\u00fcvenilir bir g\u00fcvenlik \u00e7\u00f6z\u00fcm\u00fc kulland\u0131\u011f\u0131n\u0131zdan emin olun. Kaspersky Endpoint Business for Security, di\u011fer teknolojilerin yan\u0131 s\u0131ra, u\u00e7 noktalar\u0131 bilinmeyen g\u00fcvenlik a\u00e7\u0131klar\u0131ndan bile koruyan bir k\u00f6t\u00fcye kullan\u0131m \u00f6nleme alt sistemi kullan\u0131r.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb-b2b\">\n","protected":false},"excerpt":{"rendered":"<p>Microsoft, SMB 3.1.1 a\u011f protokol\u00fcnde yeni ke\u015ffedilen kritik g\u00fcvenlik a\u00e7\u0131\u011f\u0131 CVE-2020-0796 i\u00e7in bir d\u00fczeltme eki yay\u0131mlad\u0131.<\/p>\n","protected":false},"author":700,"featured_media":7904,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1726,1287,1194,1351],"tags":[790,38,2144,1227],"class_list":{"0":"post-7903","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-news","9":"category-business","10":"category-threats","11":"tag-guvenlik-aciklari","12":"tag-microsoft","13":"tag-smb","14":"tag-wannacry"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/smb-311-vulnerability\/7903\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/smb-311-vulnerability\/19519\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/smb-311-vulnerability\/16096\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/smb-311-vulnerability\/8038\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/smb-311-vulnerability\/21128\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/smb-311-vulnerability\/19390\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/smb-311-vulnerability\/17873\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/smb-311-vulnerability\/22070\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/smb-311-vulnerability\/20809\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/smb-311-vulnerability\/27594\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/smb-311-vulnerability\/33991\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/smb-311-vulnerability\/14461\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/smb-311-vulnerability\/14532\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/smb-311-vulnerability\/13158\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/smb-311-vulnerability\/23259\/"},{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/smb-311-vulnerability\/11184\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/smb-311-vulnerability\/27846\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/smb-311-vulnerability\/25095\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/smb-311-vulnerability\/21803\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/smb-311-vulnerability\/27009\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/smb-311-vulnerability\/26848\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/guvenlik-aciklari\/","name":"g\u00fcvenlik a\u00e7\u0131klar\u0131"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/7903","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/700"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=7903"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/7903\/revisions"}],"predecessor-version":[{"id":7905,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/7903\/revisions\/7905"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/7904"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=7903"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=7903"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=7903"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}