Hackers are using proof-of-concept exploit code for the very critical “SMBGhost” bug – aka EternalDarkness – that Microsoft patched in March in its Server Message Block 3.1.1 (SMBv3) protocol.
Functioning proof-of-concept exploit code now exists for the highly critical “SMBGhost” bug – also known as Eternal Darkness – that Microsoft patched in Mar. 2019 in its Server Message Block 3.1.1 (SMBv3) protocol, & attackers are taking advantage, the US Cybersecurity and Infrastructure Security Agency (CISA) has warned, citing open-source reports.
Tracked as CVE-2020-0796, the bug can lead to a wormable remote code execution attack on a targeted SMB server or client. Microsoft issued an out-of-band patch for the vulnerability on Mar. 12, after an apparent mistake in the Microsoft vulnerability disclosure process led at least 2 cyber companies to post information about the flaw prematurely, before Microsoft had the chance to publicly reveal the bug.
As well as patching the vulnerability, CISA recommends that users use a firewall to block SMB ports from the internet.
Various news sources reported that a researcher with the Twitter handle “Chompie” has shared SMBGhost RCE exploit code publicly on GitHub. In April, the cybersecurity company Ricerca Security likewise made PoC code available.
Bleeping Computer also reported that the cybersecurity company ZecOps has shown how SMBGhost can be exploited for ‘denial of service’ & local privilege escalation, & Kryptos Logic demoed a DoS exploit as well. It has also reported that cybercriminals already have been leveraging the bug to deliver the ‘Ave Maria’ remote access trojan.