Experts at a pentesting course company have just released a proof-of-concept exploit for a recently discovered vulnerability in the Windows operating system known as SMBGhost. Tracked as CVE-2020-0796, the flaw could be exploited by a threat actor to escalate privileges on the target system.
Meanwhile, cybersecurity company Kryptos Logic reported approximately 48,000 servers vulnerable to SMBGhost exposed online, within reach of anyone who knows where to look.
Last year, the IT systems giant accidentally leaked several details about a security issue in the Microsoft Server Message Block (SMB) protocol. According to the specialists of the pentesting course company, this is a pre-authentication remote code execution vulnerability in the SMBv3 network communication protocol.
According to reports, the vulnerability stems from an error in the way SMBv3 handles specially crafted compressed data packets. An unauthenticated remote threat actor could exploit it to execute arbitrary code in the context of the vulnerable application.
Pentesting course company experts point out that the flaw affects any device running Windows 10 v1903, Windows Server v1903 (Server Core), Windows 10 v1909, and Windows Server v1909 (Server Core). However, specialists do not rule out that further Windows deployments are affected.
In response to this security report, Microsoft released update KB4551762 for Windows 10, versions 1903 and 1909, and Windows Server 2019, versions 1903 and 1909.
After details of the vulnerability were revealed, specialists began developing a proof of concept with the goal of triggering a denial of service (DoS) condition. ZecOps specialists also released a proof of concept achieving remote code execution on affected systems.
According to the International Institute of Cyber Security (IICS), the integer overflow occurs in the Srv2DecompressData function of the srv2.sys SMB server driver. Experts demonstrated that CVE-2020-0796 can be exploited for local privilege escalation. Independent users and researchers should note that this exploit is limited to the medium integrity level, because it relies on API calls that are not available at lower integrity levels.
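As an added example (not code from the article, IICS or Microsoft), the Python below parses the SMB2 compression transform header and flags packets whose OriginalCompressedSegmentSize plus Offset would wrap at 32 bits, modelling the unchecked addition in the unpatched driver next to a checked version. The field layout follows the MS-SMB2 specification; the sample packets are constructed.

```python
import struct

# SMB2 COMPRESSION_TRANSFORM_HEADER (MS-SMB2, little-endian, 16 bytes):
# ProtocolId (4) | OriginalCompressedSegmentSize (4) | CompressionAlgorithm (2)
# | Flags (2) | Offset/Length (4)
HDR = struct.Struct("<4sIHHI")
COMPRESSED_PROTOCOL_ID = b"\xfcSMB"
U32_MAX = 0xFFFFFFFF


def parse_compression_header(pkt: bytes) -> dict:
    """Return the header fields of an SMB2 compressed packet as a dict."""
    if len(pkt) < HDR.size:
        raise ValueError("packet shorter than a compression transform header")
    proto, orig_size, algo, flags, offset = HDR.unpack_from(pkt)
    if proto != COMPRESSED_PROTOCOL_ID:
        raise ValueError("not an SMB2 compression transform header")
    return {"orig_size": orig_size, "algorithm": algo,
            "flags": flags, "offset": offset}


def vulnerable_alloc_size(orig_size: int, offset: int) -> int:
    """Models the unchecked 32-bit addition in the unpatched Srv2DecompressData:
    the sum wraps, so a huge OriginalCompressedSegmentSize yields a tiny buffer
    that the decompressed data then overruns."""
    return (orig_size + offset) & U32_MAX


def safe_alloc_size(orig_size: int, offset: int):
    """Checked addition: refuse any header whose sum does not fit in 32 bits."""
    total = orig_size + offset
    return None if total > U32_MAX else total


def is_suspicious(pkt: bytes) -> bool:
    """Detection check for a captured SMB2 compressed packet: True when the
    header carries sizes that would overflow the driver's 32-bit arithmetic."""
    h = parse_compression_header(pkt)
    return safe_alloc_size(h["orig_size"], h["offset"]) is None


# Constructed samples: algorithm 1 is LZNT1; trailing bytes stand in for payload.
BENIGN = HDR.pack(COMPRESSED_PROTOCOL_ID, 0x1000, 1, 0, 0x10) + b"\x00" * 16
OVERFLOWING = HDR.pack(COMPRESSED_PROTOCOL_ID, 0xFFFFFFF0, 1, 0, 0x20) + b"\x00" * 16

if __name__ == "__main__":
    print("benign suspicious:", is_suspicious(BENIGN))          # False
    print("overflowing suspicious:", is_suspicious(OVERFLOWING))  # True
    print("wrapped size:", hex(vulnerable_alloc_size(0xFFFFFFF0, 0x20)))  # 0x10
```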