On Marc 10, 2020, Microsoft accidentally leaked information about a remote exploitable vulnerability, CVE-2020-0796, now dubbed SMBGhost. If you already know what SMBGhost is, or if you want to scan your Internet IP addresses to check if you are affected, you can scan your company for free with Autobahn.
SMBGhost has to do with the protocol used for Windows file sharing (SMBv3) on Windows 10 and Windows Server 2019. Malicious attackers that successfully exploit the vulnerability can execute their code on the server or client they target. The issue can turn into a quickly spreading “worm” – not unlike WannaCry and NotPetya in 2017.
The flaw impacts “only” SMBv3 which is found in Microsoft’s most recent operation systems: Windows 10 versions 1903 and 1909, as well as Server Core installations of Windows Server versions 1903 and 1909. When scanning the internet, one can discover almost 50 thousand vulnerable hosts that publicly expose this SMBv3 protocol.
Microsoft released a patch on March 12, but this patch has not been deployed in many organizations as they only patch after Microsoft’s “Patch Tuesday,” which is scheduled on April 14, 2020. Make sure to get the patch here and deploy it before the issue gets exploited. If you cannot download the patch right now, we advise to disable SMBv3 compression and block TCP port 445 on firewalls and client computers.
To know whether you are affected, our vulnerability scanner Autobahn provides a fast and free scan of your external systems. If we find that your systems are vulnerable, we provide you with hands-on remediation advise. Click here to sign up and get your report now.
Subscribe now to be be posted about the latest developments and updates.