10/06/2020

SMBGhost: Homeland Security (cybersecurity advisory division) warns Windows users

"Malicious cyber actors are targeting unpatched systems with the new [threat]," the agency noted on the Homeland Security website. The agency said it "strongly recommends using a firewall to block server message block ports from the internet and to apply patches to critical- and high-severity vulnerabilities as soon as possible." The agency also referred concerned parties to Microsoft's security guidance posts and notes published by the U.S. Computer Emergency Readiness Team at us-cert.gov.

A GitHub user published the proof-of-concept exploit code Monday. On unpatched systems, the code potentially could spread to millions of computers. In the hands of malicious actors, the losses could be massive, with estimates ranging from billions to tens of billions of dollars. The user noted that the exploit itself contains flaws, stating, "It was written quickly and needs some work to be more reliable." The user also noted that the code frequently crashes a system, resulting in a BSOD (blue screen of death).

The exploit, termed SMBGhost, is not easy for hackers to successfully execute. But security officials warn that the wormlike nature of the exploit, paired with the tendency of computer users to delay patching systems with the latest updates, is reason for concern. The Windows flaw is located in Server Message Block (SMB), the protocol through which files, printers and other accessories linked through local networks or the Internet communicate with one another. A malicious packet can enter the system and, without any user activity, spread to millions of other users.

More: https://ricercasecurity.blogspot.com/2020/04/ill-ask-your-body-smbghost-pre-auth-rce.html
