430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Experts published PoC exploits for CVE-2020-0796 privilege escalation flaw on Windows

Researchers published proof-of-concept (PoC) exploits for the CVE-2020-0796 Windows flaw, tracked as SMBGhost, that can be exploited for local privilege escalation. Researchers Daniel García Gutiérrez (@danigargu) and Manuel Blanco Parajón (@dialluvioso_) have published proof-of-concept (PoC) exploits for the CVE-2020-0796 Windows vulnerability, tracked as SMBGhost, that can be exploited by attackers for local privilege escalation. Cybersecurity firms Kryptos […]

CVE-2020-0796

Researchers published proof-of-concept (PoC) exploits for the CVE-2020-0796 Windows flaw, tracked as SMBGhost, that can be exploited for local privilege escalation.

Researchers Daniel García Gutiérrez (@danigargu) and Manuel Blanco Parajón (@dialluvioso_) have published proof-of-concept (PoC) exploits for the CVE-2020-0796 Windows vulnerability, tracked as SMBGhost, that can be exploited by attackers for local privilege escalation.

Cybersecurity firms Kryptos Logic discovered roughly 48,000 servers vulnerable to SMBGhost attacks exposed online.

On March 12, Microsoft released security updates to address the CVE-2020-0796 vulnerability in SMBv3 protocol that could be exploited by vxers to implement “wormable” malware.

On March 10, 2019, the IT giant accidentally leaked info on a security update for a wormable vulnerability in the Microsoft Server Message Block (SMB) protocol.

The issue is a pre-remote code execution flaw that resides in the Server Message Block 3.0 (SMBv3) network communication protocol.

Technical details of the CVE-2020-0796 vulnerability have been disclosed, but security firms Cisco Talos and Fortinet published a description of the issue on their websites.

The vulnerability is caused by an error in the way SMBv3 handles maliciously crafted compressed data packets, a remote, unauthenticated attacker could exploit the flaw to execute arbitrary code within the context of the application.

The CVE-2020-0796 vulnerability affects devices running Windows 10 Version 1903, Windows Server Version 1903 (Server Core installation), Windows 10 Version 1909, and Windows Server Version 1909 (Server Core installation). According to Fortinet other Microsoft versions should be affected.

Microsoft released the KB4551762 update for Windows 10, versions 1903 and 1909, and Windows Server 2019, versions 1903 and 1909.

Immediately after the disclosure of the flaw, security experts created PoC exploits to trigger DoS condition, but now cybersecurity firm ZecOps published technical details of the flaw and released a PoC for remote code execution. The PoC exploits could be exploited to escalate privileges to SYSTEM.

“The bug is an integer overflow bug that happens in the Srv2DecompressData function in the srv2.sys SMB server driver.” wrote the experts. “We managed to demonstrate that the CVE-2020-0796 vulnerability can be exploited for local privilege escalation. Note that our exploit is limited for medium integrity level, since it relies on API calls that are unavailable in a lower integrity level.”

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, CVE-2020-0796)

[adrotate banner=”5″]

[adrotate banner=”13″]