The vulnerability, also known as SMBGhost, was discovered in the Microsoft Server Message Block 3.1.1 (SMBv3) network communication protocol and affects only systems running Windows 10 versions 1903 and 1909, as well as Server Core installations of Windows Server versions 1903 and 1909.
Although Microsoft had decided not to disclose the vulnerability or issue a security advisory, some information about SMBGhost was leaked during last month's Patch Tuesday by several security vendors that are part of the company's Active Protections Program.
"An attacker who successfully exploits the vulnerability could gain the ability to execute code on the destination server or client," Microsoft explains.
Following the release of several proof-of-concept (PoC) exploits, including a denial-of-service exploit developed by Kryptos Logic security researcher Marcus Hutchins, Microsoft released security updates for all affected platforms on 12 March.
"However, although there have already been many public reports and PoCs for LPE (Local Privilege Escalation), none of them have shown that an RCE is actually possible so far," said Ricerca Security researchers.
If patching all vulnerable systems was not urgent enough already, Ricerca Security yesterday revealed a PoC RCE exploit for SMBGhost, along with all the technical details behind it.
So far, however, Ricerca Security has decided not to share the RCE PoC exploit publicly, so that there is no danger of it falling into the wrong hands.
Researchers at Kryptos Logic have discovered about 48,000 Windows 10 computers that are vulnerable to attacks targeting the SMBGhost vulnerability. If you have not yet patched your Windows 10 systems against CVE-2020-0796, you should do so as soon as possible to rule out possible attacks.