Researchers Daniel García Gutiérrez (@danigargu) and Manuel Blanco Parajón (@dialluvioso_) have published proof-of-concept (PoC) exploits for the CVE-2020-0796 Windows vulnerability, tracked as SMBGhost, that can be exploited by attackers for local privilege escalation.
On March 10, 2019, the IT giant accidentally leaked info on a security update for a wormable vulnerability in the Microsoft Server Message Block (SMB) protocol.
The issue is a pre-remote code execution flaw that resides in the Server Message Block 3.0 (SMBv3) network communication protocol.
Technical details of the CVE-2020-0796 vulnerability have been disclosed, but security firms Cisco Talos and Fortinet published a description of the issue on their websites.
The vulnerability is caused by an error in the way SMBv3 handles maliciously crafted compressed data packets, a remote, unauthenticated attacker could exploit the flaw to execute arbitrary code within the context of the application.
The CVE-2020-0796 vulnerability affects devices running Windows 10 Version 1903, Windows Server Version 1903 (Server Core installation), Windows 10 Version 1909, and Windows Server Version 1909 (Server Core installation). According to Fortinet other Microsoft versions should be affected.
Microsoft released the KB4551762 update for Windows 10, versions 1903 and 1909, and Windows Server 2019, versions 1903 and 1909.
Immediately after the disclosure of the flaw, security experts created PoC exploits to trigger DoS condition, but now cybersecurity firm ZecOps published technical details of the flaw and released a PoC for remote code execution. The PoC exploits could be exploited to escalate privileges to SYSTEM.
“The bug is an integer overflow bug that happens in the Srv2DecompressData function in the srv2.sys SMB server driver.” wrote the experts. “We managed to demonstrate that the CVE-2020-0796 vulnerability can be exploited for local privilege escalation. Note that our exploit is limited for medium integrity level, since it relies on API calls that are unavailable in a lower integrity level.”
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.