Windows 10 SMBGhost RCE exploit demoed by researchers

[LASER_oneXM]

Content source

https://www.bleepingcomputer.com/news/security/windows-10-smbghost-rce-exploit-demoed-by-researchers/

A proof-of-concept remote code execution (RCE) exploit for the Windows 10 CVE-2020-0796 'wormable' pre-auth remote code execution vulnerability was developed and demoed today by researchers at Ricerca Security.

The security vulnerability, also known as SMBGhost, was found in the Microsoft Server Message Block 3.1.1 (SMBv3) network communication protocol and it only impacts systems running Windows 10, version 1903 and 1909, as well as Server Core installations of Windows Server, versions 1903 and 1909.

Some information on SMBGhost was leaked during last month's Patch Tuesday after being accidentally published by a number of security vendors part of Microsoft Active Protections Program despite Microsoft's decision to hold on to the info and not issuing a security advisory.

"An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client," Microsoft explains.
.. ...

 

[CyberTech]

New Windows 10 SMBv3 flaw can be used for data theft, RCE attacks

A new security vulnerability was found in the compression mechanism of the Microsoft Server Message Block 3.1.1 (SMBv3) network communication protocol used by multiple versions of Windows 10 and Windows Server.

www.bleepingcomputer.com