SMBGhost Vulnerability (CVE-2020-0796)


Overview

SMBGhost Vulnerability (CVE-2020-0796): “A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka Windows SMBv3 Client/Server Remote Code Execution Vulnerability.”

Description

SMB is a protocol that provides a rich set of features such as file sharing, network browsing, printing services and interprocess communication over a network.

A remote code execution vulnerability exists in SMBv3 on Windows 10 and some Windows Server versions. The vulnerability could be exploited to execute code on the target SMB server using specially crafted packets. It is also possible to execute code on SMB clients that connect to a maliciously configured SMBv3 server.

The SMBGhost vulnerability (CVE-2020-0796) stems from a buffer overflow caused by an error in the handling of compressed data packets.

Impact

An unauthenticated attacker can exploit the SMBGhost vulnerability (CVE-2020-0796) to cause memory corruption, which may lead to remote code execution.

Impact Summary

Category: Remote Code Execution (Buffer Overflow)
CVSS 3.1 Base Score: 10.0 Critical
CVSS 3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Solution (Update/Workaround)

Security updates that fix the vulnerability have been provided for Windows 10 and Windows Server.

As a workaround, SMBv3 compression can be disabled to prevent attacks against the SMBv3 server. Note that disabling SMBv3 compression will not prevent the exploitation of SMB clients.

Alternatively, as a workaround, TCP port 445 can be blocked on firewalls and client computers.
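
The two workarounds above as an idempotent PowerShell script, added here as an example and not taken from the original advisory. The `DisableCompression` value under the LanmanServer parameters key is the one named in Microsoft's published workaround and does not appear on this page; the firewall rule name and the `-BlockInboundSmb` switch are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: audit and apply the SMBv3 workarounds described above.
param(
    # Hypothetical switch: also block inbound TCP 445. Use only on hosts
    # that do not need to serve SMB shares (e.g. client computers).
    [switch]$BlockInboundSmb
)

# Assumption: key and value name come from Microsoft's published workaround.
$ParamsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$ValueName = 'DisableCompression'
$RuleName  = 'Block inbound SMB (TCP 445)'   # hypothetical display name

function Test-SmbCompressionDisabled {
    # True only when the value exists and is set to 1.
    $p = Get-ItemProperty -Path $ParamsKey -Name $ValueName -ErrorAction SilentlyContinue
    return ($null -ne $p -and $p.$ValueName -eq 1)
}

function Disable-SmbServerCompression {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if (Test-SmbCompressionDisabled) { return }          # already applied
    if ($PSCmdlet.ShouldProcess($ParamsKey, "Set $ValueName = 1")) {
        Set-ItemProperty -Path $ParamsKey -Name $ValueName -Type DWord -Value 1 -Force
    }
}

function Add-InboundSmbBlockRule {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue) { return }
    if ($PSCmdlet.ShouldProcess('TCP 445', 'Add inbound block rule')) {
        New-NetFirewallRule -DisplayName $RuleName -Direction Inbound `
            -Protocol TCP -LocalPort 445 -Action Block | Out-Null
    }
}

Disable-SmbServerCompression
if ($BlockInboundSmb) { Add-InboundSmbBlockRule }

# Report the resulting state. Disabling compression protects the SMB server
# role only; SMB clients on this host still need the security update.
[pscustomobject]@{
    ComputerName            = $env:COMPUTERNAME
    ServerCompressionOff    = Test-SmbCompressionDisabled
    InboundSmbBlockRuleSet  = [bool](Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)
}
```

Both functions accept `-WhatIf`, so the change can be previewed on a host before it is applied.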

References to Advisories, Solutions and Tools

To learn more about SMB related vulnerabilities, you could also read our article SMBleed Vulnerability (CVE-2020-1206).