By GoldSparrow in Vulnerability

The SMB (Server Message Block) service is found in modern Windows versions and is responsible for managing shared access to serial ports, printers and files on the same network. The SMBGhost vulnerability, also known as CVE-2020-0796 and EternalDarkness, is linked to the activity of the SMB service. The protocol in question was also exploited by various threats, including the infamous NotPetya Ransomware and the WannaCry Ransomware. That prior SMB exploit, which was used by cyber crooks worldwide, allowed their threats to spread far and wide through worm-like behavior.

According to reports, the newest SMB vulnerability, dubbed SMBGhost, has not yet been used in an attack. The reason is that Microsoft has sniffed out this weakness and has already prepared the release of a patch that fixes the issue. However, it might be a few weeks before Microsoft officially releases the security patch for the SMBGhost vulnerability. It would appear that Microsoft itself accidentally announced the presence of the SMBGhost vulnerability. Some malware researchers believe that this accidental announcement may be linked to the CVRF (Common Vulnerability Reporting Framework) or the MAPP (Microsoft Active Protections Program).

So far, no threat designed to take advantage of the SMBGhost vulnerability has been developed. This is good news for users worldwide. This particular vulnerability affects only the latest version of the SMB protocol, SMBv3. This means that systems that run older versions of Windows, such as 8, 7 or Vista, will not be affected. The only vulnerable systems are ones running Windows 10.

Users who want to keep their systems safe from threats that may exploit the SMBGhost vulnerability may want to look into disabling SMBv3 compression and filtering traffic on TCP port 445. Furthermore, they should make sure to download and install a genuine anti-malware solution.
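
The two mitigations above, as an added PowerShell example that is not part of the original article. It assumes an elevated session on Windows 10 and uses the `DisableCompression` registry value of the LanmanServer service to turn off SMBv3 compression on the server side. The function names are hypothetical, and blocking port 445 on the Public firewall profile is an illustrative choice of filtering policy.

```powershell
# Added example: check and apply the SMBGhost mitigations on one host.
# Run from an elevated PowerShell session.
$ErrorActionPreference = 'Stop'
$params = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb3CompressionState {
    # DisableCompression = 1 means the SMB server will not use SMBv3 compression.
    # A missing value means Windows uses its default (compression enabled).
    $v = (Get-ItemProperty -Path $params -Name DisableCompression `
            -ErrorAction SilentlyContinue).DisableCompression
    if ($v -eq 1) { 'Disabled' } else { 'Enabled' }
}

function Disable-Smb3Compression {
    # Affects the SMB server role only; SMB clients on the host are not covered.
    Set-ItemProperty -Path $params -Name DisableCompression -Type DWord -Value 1 -Force
}

function Get-Inbound445Exposure {
    # Enabled inbound allow rules that name TCP 445 explicitly.
    # Rules written as port ranges or "Any" are not matched and need manual review.
    Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        ForEach-Object {
            $filter = $_ | Get-NetFirewallPortFilter
            if ($filter.Protocol -eq 'TCP' -and $filter.LocalPort -contains '445') {
                [pscustomobject]@{ Rule = $_.DisplayName; Profile = $_.Profile }
            }
        }
}

function Block-Inbound445OnPublic {
    # Assumption: the host does not need to serve files on untrusted networks.
    # A block rule takes precedence over the allow rules listed above.
    $name = 'Block inbound SMB (TCP 445) on Public profile'
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol TCP `
            -LocalPort 445 -Profile Public -Action Block | Out-Null
    }
}

"SMBv3 compression before: $(Get-Smb3CompressionState)"
Disable-Smb3Compression
"SMBv3 compression after:  $(Get-Smb3CompressionState)"

"Inbound allow rules exposing TCP 445:"
Get-Inbound445Exposure | Format-Table -AutoSize

Block-Inbound445OnPublic
```

Filtering port 445 at the network perimeter is still needed in addition to the host rule, since the host firewall only covers the machine the script runs on.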

