Desktop and server Windows 10 versions impacted
Devices running Windows 10 Version 1903, Windows Server Version 1903 (Server Core installation), Windows 10 Version 1909, and Windows Server Version 1909 (Server Core installation) are impacted by this vulnerability according to a Fortinet advisory, although more versions should be affected given that SMBv3 was introduced in Windows 8 and Windows Server 2012.
"An attacker could exploit this bug by sending a specially crafted packet to the target SMBv3 server, which the victim needs to be connected to," Cisco Talos explained in their Microsoft Patch Tuesday report — this was later removed by the Talos security experts.
"The exploitation of this vulnerability opens systems up to a 'wormable' attack, which means it would be easy to move from victim to victim," they also added.
Fortinet says that upon successful exploitation, CVE-2020-0796 could allow remote attackers to take full control of vulnerable systems.
Due to Microsoft's secrecy, people are coming up with their own theories regarding the malware and its severity, some comparing it to EternalBlue, NotPetya, WannaCry, or MS17-010.
Others have already started coming up with names for the vulnerability such as SMBGhost, DeepBlue 3: Redmond Drift, Bluesday, CoronaBlue, and NexternalBlue.