SMBGhost

{{Short description|Security vulnerability}}

{{use dmy dates|date=June 2020}}

{{Infobox bug

| name = SMBGhost

| image =

| caption =

| CVE = {{CVE|2020-0796|link=no}}

| discovered = {{Start date and age|2019|11|04|df=yes}} (Date of CVE assignment)

| patched = 10 March 2020

| discoverer = Malware Hunter Team{{Cite web|url=https://malwarehunterteam.com/|title=Home - MalwareHunterTeam|website=malwarehunterteam.com}}

| affected hardware =

| affected software = Windows 10 version 1903 and 1909, and Server Core installations of Windows Server, versions 1903 and 1909

| website =

}}

SMBGhost (or SMBleedingGhost or CoronaBlue) is a security vulnerability, tracked as CVE-2020-0796, in the way Microsoft's SMB 3.1.1 implementation handles compressed messages. It is wormable: it can be exploited remotely without authentication and so could be used by malware to spread from machine to machine. It affects Windows 10 computers and was first reported publicly on 10 March 2020.{{cite news |last=Hammond |first=Jordan |title=CVE-2020-0796: Understanding the SMBGhost Vulnerability |url=https://www.pdq.com/blog/cve-2020-0796/ |date=11 March 2020 |work=PDQ.com |accessdate=12 June 2020}}{{cite news |last=Seals |first=Tara |title=SMBGhost RCE Exploit Threatens Corporate Networks |url=https://threatpost.com/smbghost-rce-exploit-corporate-networks/156391/ |date=8 June 2020 |work=ThreatPost.com |accessdate=10 June 2020 }}{{cite news |last=Grad |first=Peter |title=Homeland Security warns of Windows worm |url=https://techxplore.com/news/2020-06-homeland-windows-worm.html |date=9 June 2020 |work=TechXplore.com |accessdate=10 June 2020 }}{{cite news |last=Gatlan |first=Sergiu |title=Windows 10 SMBGhost RCE exploit demoed by researchers |url=https://www.bleepingcomputer.com/news/security/windows-10-smbghost-rce-exploit-demoed-by-researchers/ |date=20 April 2020 |work=Bleeping Computer |accessdate=12 June 2020 }}{{cite news |author=Staff |title=CVE-2020-0796 - Windows SMBv3 Client/Server Remote Code Execution Vulnerability |url=https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796 |date=13 March 2020 |work=Microsoft |accessdate=12 June 2020 }}{{cite news |author=Staff |title=CoronaBlue / SMBGhost Microsoft Windows 10 SMB 3.1.1 Proof Of Concept |url=https://packetstormsecurity.com/files/156731/CoronaBlue-SMBGhost-Microsoft-Windows-10-SMB-3.1.1-Proof-Of-Concept.html |date=15 March 2020 |work=Packet Storm |accessdate=10 June 2020 }}{{cite news |author=Chompie1337 |title=SMBGhost RCE PoC |url=https://github.com/chompie1337/SMBGhost_RCE_PoC |date=8 June 2020 |work=GitHub |accessdate=10 June 2020 }}{{cite news |last=Murphy |first=David |title=Update Windows 10 Now to Block 'SMBGhost' |url=https://lifehacker.com/update-windows-10-now-to-block-smbghost-1843968661 |date=10 June 2020 |work=LifeHacker.com |accessdate=10 June 2020 }}

Security vulnerability

Proof-of-concept (PoC) exploit code achieving remote code execution was published on GitHub on 1 June 2020 by a security researcher.{{Cite web |last=Ilascu |first=Ionut |title=Windows 10 SMBGhost bug gets public proof-of-concept RCE exploit |url=https://www.bleepingcomputer.com/news/security/windows-10-smbghost-bug-gets-public-proof-of-concept-rce-exploit/ |date=5 June 2020 |work=Bleeping Computer |access-date=2020-06-17 |language=en-us}} Because the flaw is wormable, such code could potentially be used to spread to millions of unpatched computers, with losses of as much as tens of billions of dollars.

Microsoft recommends that all users of Windows 10 versions 1903 and 1909 and Windows Server versions 1903 and 1909 install the patches, stating, "We recommend customers install updates as soon as possible as publicly disclosed vulnerabilities have the potential to be leveraged by bad actors ... An update for this vulnerability was released in March [2020], and customers who have installed the updates, or have automatic updates enabled, are already protected." Microsoft also lists workarounds: disabling SMBv3 compression on servers (setting the DisableCompression DWORD value under HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters to 1) and blocking TCP port 445 at the enterprise perimeter firewall. These reduce exposure but do not fully address the flaw; in particular, disabling server-side compression does not protect vulnerable SMB clients, so patching remains necessary.
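Whether an SMB server still negotiates 3.1.1 compression, the state the workaround above removes, can be checked with a single unauthenticated SMB2 NEGOTIATE. The following Python is an added example, not code from this article, from Microsoft, or from any of the cited proof-of-concept repositories; it reproduces the fingerprint used by public SMBGhost scanners: offer dialect 0x0311 together with a compression negotiate context and see whether the server answers with one. Field layouts follow the MS-SMB2 specification; the responses produced by build_sample_response are constructed for offline use and are not real captures.

```python
"""SMB2 NEGOTIATE probe for SMB 3.1.1 compression support (added example)."""
import os
import socket
import struct

SMB2_MAGIC = b"\xfeSMB"
SMB2_NEGOTIATE = 0x0000
DIALECT_311 = 0x0311
CTX_PREAUTH_INTEGRITY = 0x0001
CTX_COMPRESSION = 0x0003
SHA512 = 0x0001
COMP_LZNT1 = 0x0001

HEADER_FMT = "<4sHHIHHIIQIIQ16s"    # 64-byte SMB2 header
NEG_RESP_FMT = "<HHHH16sIIIIQQHHI"  # 64-byte fixed part of the NEGOTIATE response


def _align8(b):
    return b + b"\x00" * (-len(b) % 8)


def _context(ctx_type, data):
    """SMB2_NEGOTIATE_CONTEXT: ContextType(2) DataLength(2) Reserved(4) Data."""
    return struct.pack("<HHI", ctx_type, len(data), 0) + data


def smb2_header(command):
    """Unsigned SMB2 header; zero message id, tree and session are fine for NEGOTIATE."""
    return struct.pack(HEADER_FMT, SMB2_MAGIC, 64, 0, 0, command, 0, 0, 0, 0, 0, 0, 0, b"\x00" * 16)


def build_negotiate_request(client_guid=None, salt=None):
    """NEGOTIATE offering SMB 2.0.2 through 3.1.1 plus preauth-integrity and LZNT1 compression contexts."""
    client_guid = client_guid or os.urandom(16)
    salt = salt or os.urandom(32)
    dialects = [0x0202, 0x0210, 0x0300, 0x0302, DIALECT_311]
    dialect_blob = struct.pack("<%dH" % len(dialects), *dialects)
    # fixed NEGOTIATE body is 36 bytes; the context list starts 8-byte aligned after the dialects
    body_len = 36 + len(dialect_blob)
    ctx_offset = 64 + body_len + (-(64 + body_len) % 8)
    body = struct.pack("<HHHHI16sIHH", 36, len(dialects), 0x0001, 0, 0x7f, client_guid, ctx_offset, 2, 0)
    preauth = _context(CTX_PREAUTH_INTEGRITY, struct.pack("<HHH", 1, len(salt), SHA512) + salt)
    compression = _context(CTX_COMPRESSION, struct.pack("<HHIH", 1, 0, 0, COMP_LZNT1))
    return _align8(smb2_header(SMB2_NEGOTIATE) + body + dialect_blob) + _align8(preauth) + compression


def frame(msg):
    """NetBIOS session service header used for SMB over TCP port 445."""
    return struct.pack(">I", len(msg)) + msg


def parse_negotiate_response(msg):
    """Return the negotiated dialect, context count and any compression algorithms the server offered."""
    if len(msg) < 128 or msg[:4] != SMB2_MAGIC:
        raise ValueError("not a complete SMB2 NEGOTIATE response")
    hdr = struct.unpack_from(HEADER_FMT, msg, 0)
    status, command = hdr[3], hdr[4]
    if command != SMB2_NEGOTIATE or status != 0:
        raise ValueError("NEGOTIATE failed: status 0x%08x" % status)
    resp = struct.unpack_from(NEG_RESP_FMT, msg, 64)
    dialect, ctx_count, off = resp[2], resp[3], resp[13]
    algorithms = []
    # negotiate contexts only exist for dialect 3.1.1; older dialects cannot carry compression
    for _ in range(ctx_count if dialect == DIALECT_311 else 0):
        ctx_type, data_len, _reserved = struct.unpack_from("<HHI", msg, off)
        data = msg[off + 8:off + 8 + data_len]
        if ctx_type == CTX_COMPRESSION:
            count = struct.unpack_from("<H", data, 0)[0]
            algorithms = list(struct.unpack_from("<%dH" % count, data, 8))
        off += 8 + data_len + (-(8 + data_len) % 8)
    return {"dialect": dialect, "context_count": ctx_count,
            "compression_algorithms": algorithms,
            "compression_offered": any(a != 0 for a in algorithms)}  # id 0 means NONE


def check_host(host, port=445, timeout=3.0):
    """Live probe: send one NEGOTIATE and parse the reply (only against hosts you may test)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(frame(build_negotiate_request()))
        nb = s.recv(4)
        if len(nb) < 4:
            raise ConnectionError("no NetBIOS session header received")
        length = struct.unpack(">I", nb)[0] & 0x00FFFFFF
        msg = b""
        while len(msg) < length:
            chunk = s.recv(length - len(msg))
            if not chunk:
                break
            msg += chunk
    return parse_negotiate_response(msg)


def build_sample_response(with_compression=True):
    """Constructed 3.1.1 NEGOTIATE response (not a real capture) for offline testing."""
    contexts = [_context(CTX_PREAUTH_INTEGRITY, struct.pack("<HHH", 1, 32, SHA512) + b"\x11" * 32)]
    if with_compression:
        contexts.append(_context(CTX_COMPRESSION, struct.pack("<HHIH", 1, 0, 0, COMP_LZNT1)))
    # security buffer left empty; contexts start right after the 64-byte fixed part (offset 128)
    fixed = struct.pack(NEG_RESP_FMT, 65, 1, DIALECT_311, len(contexts), b"\x22" * 16,
                        0x2f, 0x800000, 0x800000, 0x800000, 0, 0, 128, 0, 128)
    msg = smb2_header(SMB2_NEGOTIATE) + fixed
    for ctx in contexts:
        msg = _align8(msg) + ctx
    return msg
```

A compression context in the reply means compression is enabled on the server, which is necessary for exploitation but not proof that the host is unpatched: the March 2020 update fixes the bug while leaving compression on, so a hit should be confirmed against update inventory rather than reported as vulnerable. A server that negotiates 3.0.2 or lower returns no contexts and is not affected. The probe is an ordinary negotiate and sends no malformed compressed message, so it is safe to run against production hosts you are authorised to test.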

According to the Cybersecurity and Infrastructure Security Agency (CISA), the advisory arm of the U.S. Department of Homeland Security, "Malicious cyber actors are targeting unpatched systems with the new [threat], ... [and] strongly recommends using a firewall to block server message block ports from the internet and to apply patches to critical- and high-severity vulnerabilities as soon as possible."

References

{{Reflist|colwidth=30em}}