Critical Windows 10 vulnerability now has working exploit

In March 2020, Microsoft released a patch for a critical vulnerability, dubbed SMBGhost, affecting its SMBv3 protocol (CVE-2020-0796). The SMBv3 protocol is used mainly for workstation to server communication, and when it comes to vulnerabilities that could be weaponised into worms or used to deploy mass malware, it doesn’t get much worse than SMB vulnerabilities for internal networks. This is precisely what happened in 2017 when a similar SMB vulnerability was used to propagate WannaCry ransomware.

Unfortunately, a working proof-of-concept has been released on June 2nd by chompie1337 that demonstrates unauthenticated remote code execution. Whilst the exploit itself is somewhat unreliable, it will not take long for other exploit developers to pick up the work and refine the code.

Once this exploit has been refined and is stable, it could easily be used for propagation of Ransomware or other malware causing significant impacts to organisations that are yet to patch.

For many organisations, the patch has already been applied back in March. If that is not the case for your organisation, we strongly recommend you patch immediately.

For medium to large organisations, a scan across ALL internal assets should be performed to ensure CVE-2020-0796 has been patched. If you would like assistance with this process, feel free to contact us.