The «perfect» vulnerability now with a functional PoC

10th March 2020 when the monthly Windows Patch Tuesday security updates were released by Microsoft, they accidently disclosed details about a critical windows 10 vulnerability. It was disclosed before a fix had been made available. The vulnerability named “SMBGhost” was apparently disclosed because a miscommunication in the patching and disclosure process.

A perfect 10

CVE-2020-0796 was thought so dangerous were it to be weaponized that it merited the rarest CVSS rating a «perfect» 10. Microsoft was quick to act and issued an emergency out of band fix within days.

SMBGhost is a fully wormable vulnerability that could enable remote code execution and ultimately control of the targeted system if a successful attack was launched. The vulnerability in Microsoft’s Server Message Block 3.1.1 allows for a maliciously constructed data packet sent to the server to kick off the arbitrary code execution.

What has changed?

According to CISA they are now aware of a publicly available and functional proof-of-concept (PoC) code that exploits CVE-2020-0796 in unpatched systems. Although Microsoft disclosed and provided updates for this vulnerability in March 2020, malicious cyber actors are targeting unpatched systems with the new PoC according to recent open-source reports.

What to do

CISA strongly recommends using a firewall to block SMB ports from the internet and to apply patches to critical- and high-severity vulnerabilities as soon as possible.

We encourage users and administrators to review the following resources and apply the necessary updates or workarounds.

Microsoft’s security updates addressing SMBGhost in Windows 10 version 1909 and 1903 and Server Core for the same versions : CVE-2020-0796

Microsoft Advisory : ADV200005

CERT Coordination Center’s Vulnerability Note : VU#872016

References:

  1. https://www.us-cert.gov/ncas/current-activity/2020/06/05/unpatched-microsoft-systems-vulnerable-cve-2020-0796
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.