SMBGhost (security vulnerability)

From HandWiki
Short description: security vulnerability
SMBGhost
CVE identifier(s)CVE-2020-0796[1]
Date discovered4 November 2019; 4 years ago (2019-11-04)[1] (note: date cve "assigned")
Date patched10 March 2020[1][2][3]
DiscovererMalware Hunter Team[1]
Affected hardwareWindows 10 version 1903 and 1909, and Server Core installations of Windows Server, versions 1903 and 1909[4]

SMBGhost (or SMBleedingGhost or CoronaBlue) is a type of security vulnerability, with wormlike features, that affects Windows 10 computers and was first reported publicly on 10 March 2020.[1][2][3][4][5][6][7][8] A Proof-of-Concept (PoC) exploit code was published 1 June 2020 on Github by a security researcher.[7][9] The code could possibly spread to millions of unpatched computers, resulting in as much as tens of billions of dollars in losses.[3]

Microsoft recommends all users of Windows 10 versions 1903 and 1909 and Windows Server versions 1903 and 1909 to install patches, and states, "We recommend customers install updates as soon as possible as publicly disclosed vulnerabilities have the potential to be leveraged by bad actors ... An update for this vulnerability was released in March [2020], and customers who have installed the updates, or have automatic updates enabled, are already protected."[3] Workarounds, according to Microsoft, such as disabling SMB compression and blocking port 445, may help but may not be sufficient.[3]

According to the advisory division of Homeland Security, "Malicious cyber actors are targeting unpatched systems with the new [threat], ... [and] strongly recommends using a firewall to block server message block ports from the internet and to apply patches to critical- and high-severity vulnerabilities as soon as possible."[3]

References

  1. 1.0 1.1 1.2 1.3 1.4 Hammond, Jordan (11 March 2020). "CVE-2020-0796: Understanding the SMBGhost Vulnerability". PDQ.com. https://www.pdq.com/blog/cve-2020-0796/. Retrieved 12 June 2020. 
  2. 2.0 2.1 Seals, Tara (8 June 2020). "SMBGhost RCE Exploit Threatens Corporate Networks". ThreatPost.com. https://threatpost.com/smbghost-rce-exploit-corporate-networks/156391/. Retrieved 10 June 2020. 
  3. 3.0 3.1 3.2 3.3 3.4 3.5 Grad, Peter (9 June 2020). "Homeland Security warns of Windows worm". TechXplore.com. https://techxplore.com/news/2020-06-homeland-windows-worm.html. Retrieved 10 June 2020. 
  4. 4.0 4.1 Gatlan, Sergiu (20 April 2020). "Windows 10 SMBGhost RCE exploit demoed by researchers". Bleeping Computer. https://www.bleepingcomputer.com/news/security/windows-10-smbghost-rce-exploit-demoed-by-researchers/. Retrieved 12 June 2020. 
  5. Staff (13 March 2020). "CVE-2020-0796 - Windows SMBv3 Client/Server Remote Code Execution Vulnerability". Microsoft. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796. Retrieved 12 June 2020. 
  6. Staff (15 March 2020). "CoronaBlue / SMBGhost Microsoft Windows 10 SMB 3.1.1 Proof Of Concept". Packet Storm. https://packetstormsecurity.com/files/156731/CoronaBlue-SMBGhost-Microsoft-Windows-10-SMB-3.1.1-Proof-Of-Concept.html. Retrieved 10 June 2020. 
  7. 7.0 7.1 Chompie1337 (8 June 2020). "SMBGhost RCE PoC". GitHub. https://github.com/chompie1337/SMBGhost_RCE_PoC. Retrieved 10 June 2020. 
  8. Murphy, David (10 June 2020). "Update Windows 10 Now to Block 'SMBGhost'". LifeHacker.com. https://lifehacker.com/update-windows-10-now-to-block-smbghost-1843968661. Retrieved 10 June 2020. 
  9. Ilascu, Ionut (5 June 2020). "Windows 10 SMBGhost bug gets public proof-of-concept RCE exploit" (in en-us). Bleeping Computer. https://www.bleepingcomputer.com/news/security/windows-10-smbghost-bug-gets-public-proof-of-concept-rce-exploit/. 

External links