A security researcher known online as Chompie has shared a working exploit code for the CVE-2020-0796 vulnerability that achieves remote code execution on Windows 10 machines.
CVE-2020-0796 (aka SMBGhost, CoronaBlue, NexternalBlue, BluesDay, or EternalDarkness) is a pre-remote code execution flaw that resides in the Server Message Block 3.0 (SMBv3) network communication protocol.
The vulnerability, which received a maximum severity rating score of 10 based on CVSS v3, affects devices running Windows 10, version 1903 and 1909, and Windows Server Server Core installations, versions 1903 and 1909. Earlier versions of Windows are not affected by this vulnerability.
Microsoft has patched this vulnerability in March. At the time, the company has warned that exploitation is “more likely” on both older and newer software releases.
According to Chompie, the exploit relies on a physical read primitive. This primitive may allow easier exploitation of future SMB memory corruption bugs, the researcher explained.
However, the exploit is not 100% reliable, the researcher said.
“It was written quickly and needs some work to be more reliable. Sometimes you BSOD. Using this for any purpose other than self education is an extremely bad idea,” reads the description posted on GitHub.
Multiple researchers have already made public tools that can be used to scan for vulnerable servers, and created proof-of-concept (PoC) exploits that can result in a DoS condition or allow to escalate privileges to SYSTEM.
