Cyber security news for all


    PoC RCE exploits for SMBGhost Windows flaw released

    Security researchers have released a PoC RCE exploit for SMBGhost (CVE-2020-0796). SMBGhost is a wormable flaw that affects SMBv3 on Windows 10 and some Windows Server versions.

    The PoC exploit is unreliable, but in the hands of hackers it can serve as a basis for developing a more effective exploit. As soon as the flaw came to light in March 2020, Microsoft released patches for Windows 10 (versions 1903 and 1909) and Windows Server (versions 1903 and 1909, Server Core installation).

    The vulnerability can be exploited against an SMB server by sending a specially crafted packet to a targeted SMBv3 server. It can also be exploited against SMB clients by setting up a malicious SMBv3 server and tricking a user into connecting to it. Attackers who already have access can use it to gain SYSTEM privileges.

    Where updates are delayed, users should disable SMBv3 compression. This will obstruct unauthorized entry into, and compromise of, the SMBv3 server.

    TCP port 445 can also be blocked at the enterprise perimeter firewall to keep SMB traffic from entering.
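The compression workaround described above can be audited and applied with a short script. This is an added example, not part of the original article: the function name is hypothetical, and the registry value is the one Microsoft documented for turning off SMBv3 compression on the server side.

```powershell
# Added example: audit and apply the "disable SMBv3 compression" workaround
# on an SMB server. The function name is hypothetical.
function Set-SmbServerCompressionWorkaround {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Report the current state only; do not change the registry.
        [switch]$AuditOnly
    )

    # LanmanServer parameters key. DisableCompression = 1 (DWORD) turns off
    # SMBv3 compression for the SMB server service.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $name = 'DisableCompression'

    # A missing value means the workaround has not been applied.
    $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    $changed = $false

    if (($current -ne 1) -and (-not $AuditOnly)) {
        # ShouldProcess makes -WhatIf and -Confirm work for change control.
        if ($PSCmdlet.ShouldProcess("$key\$name", 'Set DWORD value to 1')) {
            Set-ItemProperty -Path $key -Name $name -Type DWord -Value 1 -Force
            $changed = $true
        }
    }

    # Re-read so the report reflects what is actually stored in the registry.
    $final = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        CompressionDisabled = ($final -eq 1)
        ChangedThisRun      = $changed
    }
}

# Audit first; run without -AuditOnly from an elevated session to apply.
Set-SmbServerCompressionWorkaround -AuditOnly
```

The setting takes effect without a reboot, and it covers the SMB server role only: it does not protect SMB clients that connect to a malicious server, so patching is still required.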

     

    SMBGhost can enable an attack similar to WannaCry and NotPetya.

    The difference lies in their reach. SMBGhost has a limited range and is located in SMBv3, whereas WannaCry and NotPetya exploited vulnerabilities in SMBv1 and were able to use existing, public exploits.

    “Although attackers have been exploiting the flaw for local privilege escalation, there is no indication that the “flaw” compromises the remote code execution.”

    Security experts and researchers have halted the release of PoC exploits until security updates are made public. Security companies like ZecOps have announced that a PoC RCE exploit will be released following the next Windows update.

    Though the PoC, released under the handle “chompie,” doesn’t work every time, determined attackers might get lucky and achieve a breakthrough.
