A remote code execution vulnerability, tracked as CVE-2020-0796, exists in Microsoft’s implementation of SMBv3 [Server Message Block] protocol. SMB is the backbone protocol used for file sharing in the network. If file sharing is enabled on a computer, that means shares are accessed over the network via SMB.
This vulnerability is in version 3.1.1 of the SMB protocol which is only present in 32-bit and 64-bit Windows 10 version 1903 and 1909 for desktops and servers. The vulnerability stems from improper handling of requests by the protocol implementation, which allows an attacker to execute code on the target server or client.[/vc_wp_text][vc_wp_text]
Impact Analysis
Technical
- SMB attacks are very critical as such offensives let attackers gain access to the target computer.
- Lateral movement and pivoting can then be used to further the attack deep into internal networks of the organization.
- Can lead to Domain takeover, compromising all of the users of a specific domain.
- Various exploit kits in the wild have been reported using SMB related zero day vulnerabilities in the past to carry out various ransomware/ data breach campaigns.
Business
- Companies can fall victim to ransomware and data breach.
- Loss of reputation, goodwill and revenue.
- Battling lawsuits from clients in the face of a cyber security breach.
- Liable to pay hefty fines from compliance bodies.
