After an Internet-wide scan, researchers at cybersecurity firm Kryptos Logic discovered roughly 48,000 Windows 10 hosts vulnerable to attacks targeting the pre-auth remote code execution CVE-2020-0796 vulnerability found in Microsoft Server Message Block 3.1.1 (SMBv3).
Several vulnerability scanners designed to detect Windows devices exposed to attacks are already
available on GitHub, including one created by Danish security researcher
ollypwn and designed to check if SMBv3 is enabled on the device and if the compression capability that triggers the bug is enabled.
The vulnerability, dubbed
SMBGhost, is known to only impact desktop and server systems running Windows 10, version 1903 and 1909, as well as Server Core installations of Windows Server, versions 1903 and 1909.
Microsoft
explains that "the vulnerability exists in a new feature that was added to Windows 10 version 1903" and that "older versions of Windows do not support SMBv3.1.1 compression."
... ...