Microsoft patches wormable SMBv3 vulnerability

Posted on Friday, March 13 2020 @ 10:16 CET by Thomas De Maesschalck
MSFT logo
Days ago, Microsoft accidentally revealed the existence of a wormable exploit in the SMBv3 protocol. Fortunately, the company now has a patch (KB4551762).

The update resolves in an issue in the Microsoft Server Message Block 3.1.1 protocol that could lead to remote code execution on an SMB server or client. It's recommended to update systems as soon as possible, either via Windows Update or downloading it manually.

Bleeping Computer reports security researchers have already created proof of concept code:
SophosLabs' Offensive Research team also developed and shared a video demo of a local privilege escalation proof-of-concept exploit that allows attackers with low-level privileges to gain SYSTEM-level privileges.

"The SMB bug appears trivial to identify, even without the presence of a patch to analyze," Kryptos Logic said, with malicious actors probably being also close to developing their own exploits for CVE-2020-0796.

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments