Saturday, July 4, 00:59

Security researchers took advantage of SMBGhost RCE vulnerability


Researchers at Ricerca Security discovered and demonstrated a vulnerability in Windows 10, tracked as CVE-2020-0796, that allows an intruder remote access.

The vulnerability, also known as SMBGhost, was discovered in the Microsoft Server Message Block 3.1.1 (SMBv3) network communication protocol and affects only systems running Windows 10 versions 1903 and 1909, as well as Server Core installations of Windows Server versions 1903 and 1909.

Although Microsoft had decided not to disclose the vulnerability or issue a security advisory, some information about SMBGhost was leaked during Patch Tuesday last month by various security vendors that are part of the company's Active Protections Program.

"An intruder who can successfully exploit vulnerabilities could be able to execute code on the destination server or client," Microsoft explains.

Following the release of several proof-of-concept (PoC) exploits, including a denial-of-service exploit developed by Kryptos Logic security researcher Marcus Hutchins, Microsoft released security updates for all affected platforms on 12 March.

"However, although there have already been many public reports and PoCs for LPE (Local Privilege Escalation), none of them have shown that an RCE is actually possible so far," said Ricerca Security researchers.

If patching all vulnerable systems was not urgent enough before, Ricerca Security yesterday revealed a PoC RCE exploit for SMBGhost, with all the technical details behind it.

So far, however, Ricerca Security has decided not to publicly share the RCE PoC exploit, so that there is no danger of it falling into the wrong hands.

Researchers at Kryptos Logic have discovered about 48,000 Windows 10 computers that are vulnerable to attacks targeting the SMBGhost vulnerability. If you have not yet patched your Windows 10 systems against CVE-2020-0796, you should do so as soon as possible to rule out possible attacks.


Absent Mia