The cyber security experts: Windows 10 has a critical vulnerability, not yet patched. It has been dubbed “SMBGhost” and affects the Server Message Block (SMB) network communications protocol. It’s wormable
Microsoft Windows 10 has a critical vulnerability, not yet patched. It has been dubbed “SMBGhost” by cyber security experts (CVE-2020-0796). This flaw affects the Server Message Block (SMB) 3.0 network communications protocol. If successfully exploited by an attacker, could enable remote and arbitrary code execution and potentially take control of the system. Moreover, it is “wormable.” This means that an attacker could move from victim to victim a similar way that the EternalBlue SMB exploit enabled WannaCry to spread so quickly. Microsoft tuesday released a bunch of updates to patch security vulnerabilities in various products. A total of 115 vulnerabilities has been fixed, but not the CVE-2020-0796. However, the company in the last hours released a note on how to disable the SMBv3 compression, as MalwareHunterTeam (one of the first reasearchers who discovered the vulnerability), reports.
Microsoft confirmed the flaw in an advisory: Aware of a remote code execution vulnerability in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests
Microsoft also confirmed the Windows 10’s SMBGhost vulnerability in a cyber security advisory. In the report, the company stated that “is aware of a remote code execution vulnerability in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target SMB Server or SMB Client. To exploit the vulnerability against an SMB Server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 Server. To exploit the vulnerability against an SMB Client, an unauthenticated attacker would need to configure a malicious SMBv3 Server and convince a user to connect to it. We will update this advisory when updates are available”. At the moment, there is no evidence suggesting that the flaw has been exploited. However, a part from disabling SMB compression, there aren’t any mitigating factors.