A new critical vulnerability dubbed SMBleed has recently been discovered that allows hackers to access kernel memory. It could also lead to remote code execution attacks when combined with a previously disclosed “wormable” bug. Microsoft addressed the vulnerability in the June 2020 Patch Tuesday release and has published the patches, but unpatched systems are still vulnerable.
Microsoft has patched the SMBleed vulnerability
“Although Microsoft disclosed and provided updates for this vulnerability in March 2020, malicious cyber actors are targeting unpatched systems with the new PoC, according to recent open-source reports,” CISA said.
SMBleed is a critical remote code execution bug in the SMB (Server Message Block) v1 protocol that reportedly impacts the latest versions of Windows, such as Windows 10 and Windows Server versions 1903, 1909, and 2004.
Windows PCs use SMB to send files and share resources across networks. The protocol has proven quite vulnerable over the past few years and has been used by attackers for various intrusions and ransomware attacks.
SMBGhost (CVE-2020-0796), reported earlier this year, is also a remote code execution vulnerability. It resides in version 3.1.1 of the Microsoft Server Message Block (SMB) protocol and affects Windows 10 and Windows Server 2019.
Microsoft's advisory says, “To exploit the vulnerability against a server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 server. To exploit the vulnerability against a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it.”
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned Windows 10 users to update their machines to mitigate this bug. The latest security update corrects how the SMBv3 protocol handles these specially crafted requests and helps to mitigate the vulnerability. If the patch is not applicable to your system, it is recommended to block port 445 to prevent remote exploitation.
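For hosts that cannot take the update yet, the port 445 block can be applied and checked with the Windows Firewall cmdlets. This is an added example, not code from Microsoft or CISA; the rule name and both function names are constructed for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: block inbound SMB (TCP 445) on a host that cannot be patched yet.
# $RuleName is a constructed label, not a name taken from any advisory.
$RuleName = 'Block inbound SMB TCP 445 (temporary mitigation)'

function Set-Smb445InboundBlock {
    param([string]$Name = $RuleName)

    # Idempotent: reuse an existing rule with this name, re-enabling it if needed.
    $rule = Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue
    if (-not $rule) {
        # An explicit block rule takes precedence over allow rules for the same port.
        New-NetFirewallRule -DisplayName $Name -Direction Inbound `
            -Protocol TCP -LocalPort 445 -Action Block -Profile Any | Out-Null
    } elseif ($rule.Enabled -ne 'True') {
        $rule | Enable-NetFirewallRule
    }
}

function Get-Smb445Exposure {
    param([string]$Name = $RuleName)

    $rule = Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue
    $ruleActive = [bool]($rule | Where-Object {
        $_.Enabled -eq 'True' -and $_.Action -eq 'Block' })

    # A block rule does nothing on a profile whose firewall is switched off.
    $profilesOff = @(Get-NetFirewallProfile |
        Where-Object { $_.Enabled -ne 'True' } |
        Select-Object -ExpandProperty Name)

    # Is the SMB server actually listening on this host?
    $listening = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen `
        -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        BlockRuleActive     = $ruleActive
        FirewallProfilesOff = $profilesOff
        SmbListening        = $listening
        Exposed             = $listening -and
                              (-not $ruleActive -or $profilesOff.Count -gt 0)
    }
}

Set-Smb445InboundBlock
Get-Smb445Exposure
```

An inbound rule covers only the server-side path in Microsoft's advisory and stops the host from serving file shares, so it suits machines that do not need to share files. Remove the rule with `Remove-NetFirewallRule -DisplayName $RuleName` once the update is installed.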
Check the advisory released by Microsoft to learn more about the vulnerability and the patches.