CVE-2020-17140 Windows SMB Information Disclosure Analysis Summary Background CVE-2020-17140 Analysis Conclusion Patch Reference CVE-2020-17140 Windows SMB Information Disclosure Analysis Author:k0shl of 360 Vulcan Team Summary Microsoft patched a SMB remote information disclosure vulnerability this patch tuesday I reported in September, it may affect over Windows 7 to Windows 10, more detail you can find in MSRC Acknowledgements: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17140 , I will public the vulnerability detail in this blog. Background Microsoft introduced a new SMB shared file caching mechanism called "LEASE" to improve read and write performance of shared file and directory since SMBv2 and later. We can add a lease to a shared file or directory by setting SMB ...