Microsoft has released a Windows patch for a security vulnerability (CVE-2020-0796) affecting Microsoft Server Message Block (SMB) protocol. The bug, dubbed SMBGhost or EternalDarkness, could allow an attacker to remotely execute malicious code on vulnerable computers.
The CVE-2020-0796 flaw impacts devices running Windows 10, version 1903 and 1909, and Windows Server Server Core installations, versions 1903 and 1909. Earlier versions of Windows are not affected by this vulnerability.
KB4551762 is available for download via Windows Update, or users can install it by manually downloading the security update from the Microsoft Update Catalog. For those who are not able to apply the security update at the moment, Microsoft provides mitigation measures for SMB servers and recommends disabling SMBv3 compression.
According to researchers from cybersecurity firm Kryptos Logic, they discovered around 48,000 internet-connected servers vulnerable to attacks exploiting the CVE-2020-0796 flaw. They also have created PoC code that can result in a DoS condition, and have noted that the bug was easy to discover. SophosLabs Offensive Security has also provided a PoC exploit for the CVE-2020-0796 vulnerability, which allows an attacker with low-level privileges on the computer to gain the highest, SYSTEM-level privileges.
“While we have not observed an attack exploiting this vulnerability, we recommend that you apply this update to your affected devices with priority,” Microsoft said.