
Published on March 11th, 2020

Expert Insight On Microsoft Leaks Info On Wormable Windows SMBv3 CVE-2020-0796 Flaw




Kieran Robert, Head of Penetration Testing, Bulletproof

March 11, 2020


SMB (Server Message Block) is the protocol used for sharing files. This is the same protocol that was vulnerable to the EternalBlue (CVE-2017-0144) exploit, which was weaponised into the WannaCry ransomware.





It appears that this new vulnerability has several of the same hallmarks as EternalBlue. From the information we have, it appears that this new vulnerability is also ‘wormable’ - a worm is a piece of malware that is self-replicating, meaning that it can propagate throughout a network without help from a user. This means that this new vulnerability could result in a resurgence of ransomware attacks such as WannaCry and NotPetya, which both used the very similar EternalBlue exploit.

It seems that no Proof of Concept code is currently public, but administrators are advised to disable SMBv3 Compression, which seems to be the vulnerable feature, and to block port 445 where possible.

Currently, Microsoft do not have a patch for this and they have not commented (so far) on when one might be available. The only reason we know that this bug exists is because Microsoft included some details about this vulnerability in their Patch Tuesday details BUT then they didn’t actually patch the problem. I expect this means that they intended to include this fix in the most recent patch, but when they didn’t make the deadline, they forgot to remove the information from the Patch Tuesday notes.

This bug is going by a few different names; two of the ‘best’ are CoronaBlue (based on EternalBlue) and SMBGhost (since everyone now knows there’s a bug (because Microsoft accidentally told us) but nobody can see it).
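
The two workarounds mentioned above (disabling SMBv3 compression and blocking port 445) can be audited per host. The following is an added example, not part of the original commentary: the registry path and `DisableCompression` value are the ones published in Microsoft's advisory for CVE-2020-0796 rather than anything stated on this page, and `Test-SmbGhostWorkaround` is a hypothetical helper name.

```powershell
# Added example: report (and optionally apply) the SMBv3 compression workaround
# and check for an inbound block on TCP 445. Run from an elevated prompt.
function Test-SmbGhostWorkaround {
    [CmdletBinding()]
    param(
        [switch]$Apply   # set DisableCompression=1 before reporting
    )

    # Assumption: key and value name as given in Microsoft's advisory.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $name = 'DisableCompression'

    if ($Apply) {
        # Covers the SMB server role only; SMB clients are not protected by it.
        Set-ItemProperty -Path $key -Name $name -Type DWord -Value 1 -Force
    }

    # A missing value means compression is still at its default (enabled).
    $prop  = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    $value = if ($prop) { $prop.$name } else { $null }

    # Enabled inbound block rules that name TCP 445 explicitly.
    # Port ranges and "Any" rules are not counted, so review those by hand.
    $blockRules = @(
        Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True `
            -ErrorAction SilentlyContinue |
        Where-Object {
            $filter = $_ | Get-NetFirewallPortFilter
            $filter.Protocol -eq 'TCP' -and $filter.LocalPort -contains '445'
        }
    )

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        DisableCompression  = $value
        CompressionDisabled = ($value -eq 1)
        Inbound445Blocked   = ($blockRules.Count -gt 0)
        BlockRuleNames      = $blockRules.DisplayName -join '; '
    }
}

Test-SmbGhostWorkaround | Format-List
```

A host that must serve file shares cannot block inbound 445, which is why the report lists the two controls separately.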
