Yet more security concerns, this time from Microsoft via TechRadar. The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about all unpatched Microsoft systems. CISA, part of United States Homeland Security, has found exploit code for a “wormable” bug online.
The exploit code, originally discovered in a GitHub post, targets a known flaw in Server Message Block (SMB), the protocol that allows Windows to communicate with other devices, for example servers and printers.
“Although Microsoft disclosed and provided updates for this vulnerability in March 2020, malicious cyber actors are targeting unpatched systems with the new PoC, according to recent open-source reports. CISA strongly recommends using a firewall to block SMB ports from the internet and to apply patches to critical- and high-severity vulnerabilities as soon as possible.” (CISA)
Once exploited, the bug, known as SMBGhost, can allow an attacker to remotely download and run malware on the target computer. It can then spread quickly to any other devices on the same network, hence the name ‘wormable’.
CISA strongly recommends updating all Windows systems if you haven’t already.
Further guidelines for Users and Administrators:
- CVE-2020-0796 | Windows SMBv3 Client/Server Remote Code Execution Vulnerability
- ADV200005 | Microsoft Guidance for Disabling SMBv3 Compression
- Microsoft SMBv3 compression remote code execution vulnerability (Carnegie Mellon University)
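
For administrators who want to check a machine against the two mitigations mentioned above (blocking SMB ports at the firewall and the ADV200005 compression workaround), here is an added example that is not from CISA, Microsoft or TechRadar. It assumes an elevated PowerShell session on the Windows host being checked; the function names are made up for this illustration.

```powershell
# Added example: local audit of the SMBGhost mitigations named in this post.
# Function names are hypothetical; the cmdlets and registry value are standard.

function Test-SmbCompressionDisabled {
    # ADV200005 workaround: DisableCompression = 1 under LanmanServer\Parameters.
    # This only protects the SMB server role; SMB clients still need the patch.
    $path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $prop = Get-ItemProperty -Path $path -Name 'DisableCompression' -ErrorAction SilentlyContinue
    return ($null -ne $prop -and $prop.DisableCompression -eq 1)
}

function Get-InboundSmbAllowRule {
    # Lists enabled inbound "allow" rules that name TCP 445 explicitly.
    # Rules written as port ranges or "Any" are not matched here and
    # should be reviewed by hand.
    Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        ForEach-Object {
            $rule = $_
            $port = $rule | Get-NetFirewallPortFilter
            if ($port.Protocol -eq 'TCP' -and $port.LocalPort -contains '445') {
                $addr = $rule | Get-NetFirewallAddressFilter
                [pscustomobject]@{
                    Rule          = $rule.DisplayName
                    Profile       = $rule.Profile
                    RemoteAddress = $addr.RemoteAddress -join ','
                }
            }
        }
}

if (Test-SmbCompressionDisabled) {
    Write-Output 'SMBv3 compression: disabled (ADV200005 workaround in place)'
} else {
    Write-Output 'SMBv3 compression: enabled (rely on the patch, or apply ADV200005)'
}

$rules = @(Get-InboundSmbAllowRule)
if ($rules.Count -eq 0) {
    Write-Output 'No enabled inbound allow rule names TCP 445 explicitly.'
} else {
    Write-Output 'Inbound allow rules for TCP 445 (check Profile and RemoteAddress):'
    $rules | Format-Table -AutoSize
}
```

A rule that applies to the Public profile with a RemoteAddress of Any is the one to look at first, and the host firewall result says nothing about what the perimeter firewall allows.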