Devices running Windows 10 Version 1903, Windows Server Version 1903 (Server Core installation), Windows 10 Version 1909, and Windows Server Version 1909 (Server Core installation) are impacted by this vulnerability according to aFortinet advisory, although more versions should be affected given that SMBv3 was introduced in Windows 8 and Windows Server 2012.
"An attacker could exploit this bug by sending a specially crafted packet to the target SMBv3 server, which the victim needs to be connected to," Cisco Talosexplained in their Microsoft Patch Tuesday report — this was later removed by the Talos security experts.
"The exploitation of this vulnerability opens systems up to a 'wormable' attack, which means it would be easy to move from victim to victim," they also added.
Fortinet says that upon successful exploitation, CVE-2020-0796 could allow remote attackers to take full control of vulnerable systems.
Due to Microsoft's secrecy, people are coming up with their own theories regarding the malware and its severity, some comparing it to EternalBlue, NotPetya, WannaCry, or MS17-010 (1,2).
Others have already started coming up with names for the vulnerability such asSMBGhost, DeepBlue 3: Redmond Drift, Bluesday, CoronaBlue, and NexternalBlue.
