It’s not very often that we see a critical vulnerability disclosed before a fix has been made available, and even when that happens, software companies usually take prompt action to fix it. Something similar happened with Windows 10’s SMBGhost vulnerability, CVE-2020-0796: it was disclosed before a fix had been made available. Microsoft acted quickly and issued an emergency fix for the bug within days.
Months after Microsoft’s emergency fix, the U.S. government’s cybersecurity agency confirmed the vulnerability and warned that malicious cyber actors are targeting Windows 10 systems still vulnerable to the three-month-old critical security flaw. Although Microsoft issued an emergency patch immediately, not every Windows PC has automatic updates enabled, so it is suspected that many Windows 10 PCs still carry the vulnerability. And since SMBGhost is “wormable,” it can spread from one vulnerable machine to another without requiring any interaction from admins or users.
The vulnerability, in Microsoft’s Server Message Block 3.1.1, allows a maliciously constructed data packet sent to the server to trigger arbitrary code execution, Forbes reported.
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) “strongly recommends using a firewall to block SMB ports from the internet.” It also recommends that users apply patches and updates as soon as possible. Microsoft’s security update addressing the SMBGhost vulnerability in Windows 10 1909 and 1903 can be found here.
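As an added example that is not from the article, CISA or Microsoft, the PowerShell below audits a Windows 10 host against the guidance above: it flags the two affected releases (1903 and 1909 are builds 18362 and 18363) and, if no enabled rule already does so, adds a Windows Firewall rule that blocks inbound SMB (TCP 445) from the firewall’s predefined Internet address scope while leaving LAN access alone. The rule name is chosen for this example.

```powershell
# Added example: audit a Windows 10 host against the SMBGhost advice above.
# Needs an elevated session; the NetSecurity cmdlets ship with Windows 10.
#Requires -RunAsAdministrator

$RuleName = 'Block inbound SMB (TCP 445) from Internet'   # name chosen for this example

function Test-SmbGhostAffectedBuild {
    # Windows 10 1903 and 1909 are OS builds 18362 and 18363, the releases the
    # article names as affected. A match means "verify the SMBv3 update is applied".
    $build = [int](Get-CimInstance Win32_OperatingSystem).BuildNumber
    return ($build -in 18362, 18363)
}

function Get-SmbInboundBlockRule {
    # Enabled inbound block rules that already cover TCP 445 (or every port).
    Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True -ErrorAction SilentlyContinue |
        Where-Object {
            $port = $_ | Get-NetFirewallPortFilter
            $port.Protocol -eq 'TCP' -and ($port.LocalPort -contains '445' -or $port.LocalPort -eq 'Any')
        }
}

function Ensure-SmbInternetBlockRule {
    if (Get-SmbInboundBlockRule) {
        Write-Output 'An enabled inbound block rule already covers TCP 445; nothing to do.'
        return
    }
    # 'Internet' is the firewall's built-in remote-address keyword for non-local
    # routes, so file sharing keeps working on the LAN but not from the internet.
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP -LocalPort 445 `
        -RemoteAddress Internet -Action Block -Profile Any | Out-Null
    Write-Output "Created rule '$RuleName'."
}

if (Test-SmbGhostAffectedBuild) {
    Write-Warning 'Windows 10 1903/1909 detected: confirm the SMBGhost (CVE-2020-0796) update is installed.'
}
Ensure-SmbInternetBlockRule
```

Run it once per host (or from a management script) and audit with `Get-SmbInboundBlockRule`; the rule only narrows inbound exposure and is a stopgap, not a replacement for the update.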