<\/em><\/p>\n
Problem CVE-2020-0796<\/strong>, also called SMBGhost, affects SMBv3<\/a>, though Windows 10 1903, Windows 10 1909, Windows Server 1903, and Windows Server 1909 are also vulnerable to the bug.<\/p>\n Let me remind you that the SMB protocol a few years ago helped the distribution of WannaCry and NotPetya around the world. Recently Microsoft strongly recommended<\/a> disabling SMBv1 in Microsoft Exchange, as it cannot come up with patches for this protocol.<\/p>\n Last month, Kryptos Logic experts estimated that about 48,000 hosts<\/a> with an open SMB port, which are vulnerable to potential attacks with a new bug, can be found on the Internet.<\/p>\n \u201cThe vulnerability is a buffer overflow on Microsoft SMB servers. The problem manifests when the vulnerable software processes a malicious compressed data packet. A remote and unauthenticated attacker can use this to execute arbitrary code in the application context\u201d, – say Fortinet experts.<\/p><\/blockquote>\n A similar description of the problem was published and then removed from the Cisco Talos blog. The company claimed that \u201cexploiting the vulnerability opens up systems for attacks with worm potential,\u201d meaning the problem could easily spread from victim to victim.<\/p>\n Due to a leak in mid-March, Microsoft engineers were forced to urgently prepare an extraordinary patch for this vulnerability. The hotfix is available as KB4551762<\/a> for Windows 10, versions 1903 and 1909, as well as Windows Server 2019 versions 1903 and 1909.<\/p>\n Researchers have now created and published tools that can be used to find vulnerable servers, and have also released PoC<\/a> exploits that help achieve denial of service (DoS).<\/p>\n While PoC for remote code execution has not yet been published due to its danger, ZecOps experts have developed and released PoC, which demonstrates how SMBGhost can be used to elevate privileges to SYSTEM. Additionally, ZecOps researchers published a blog report with the technical details<\/a> of an attack on local privilege escalation.<\/p>\n