According to a new research, over 100.000 computers are still vulnerable to a vulnerability of Windows known as SMBGhost. The number is extremely large, given that has released a patch for half a year.
The SMBGhost vulnerability is also known as CVE-2020-0796 and has received a score of 10 on the Vulnerability Scale. Therefore, this is a critical vulnerability, which, however, was corrected in March 2020 with an emergency update. A few weeks later, information was released on how vulnerabilities could be used to gain more privileges in a vulnerable system.
In addition, two months later, he was released proof-of-concept (PoC) code for Remote Code Execution (RCE). A little later, the first ones were observed attacks exploiting the SMBGhost vulnerability.
However, according to him Jan Kopriva, head of the group ALEFs Computer Security Incident Response Team (CSIRT) and its member SANS ISC, the vulnerability received the attention it needed when PoC was discovered and released, but Shodan searches show that more than 100.000 systems are still vulnerable to error SMBGhost.
The Shodan is often used to detect systems affected by a particular vulnerability.
"If Shodan's detection mechanism is accurate, it appears that there are still more than 103.000 vulnerable machines accessible from Internet", Says the researcher.
According to Securityweek, the data collected by Shodan over the past eight months show that, a few months ago, vulnerability efforts were intense, but have recently declined significantly, leaving many systems vulnerable.
"It is difficult to say why there are still so many uninformed machines. Η Microsoft an emergency vulnerability fix has been released CVE-2020-0796. It was not part of the usual correction package on Tuesday (patch Tuesday), but that was the only unusual thing and it does not make sense to be the reason for not application of information in so many systems", Notes the researcher.
Finally, Kopriva points out that if the Shodan is a really expensive tool, we should be concerned about the huge number of vulnerable devices, since SMBGhost vulnerability is "wormable" and allows code execution.