News about the Windows SMBv3 vulnerability SMBGhost

A brief update on the SMBGhost vulnerability CVE-2020-0796 in the SMBv3 protocol in Windows 10 version 190x and Windows Server 2019. Microsoft has released an update to close the vulnerability, but this update causes installation errors on some systems. Thousands of systems are still vulnerable and are now under attack.



Patch for SMBv3 vulnerability CVE-2020-0796

On the March 2020 patchday, a serious but unpatched vulnerability (CVE-2020-0796) in the Windows SMBv3 protocol became public. This vulnerability could allow worms to spread. I reported on it in detail in the blog post Windows SMBv3 0-day vulnerability CVE-2020-0796.

Then, on March 12, 2020, Microsoft released an unscheduled security update KB4551762 for the SMBv3 vulnerability CVE-2020-0796 for the following versions of Windows (see also Windows 10: Patch for SMBv3 Vulnerability CVE-2020-0796):

  • Windows Server Version 1903 (Server Core Installation)
  • Windows Server Version 1909 (Server Core Installation)
  • Windows 10 Version 1903 for 32-bit Systems
  • Windows 10 Version 1903 for ARM64-based Systems
  • Windows 10 Version 1903 for x64-based Systems
  • Windows 10 Version 1909 for 32-bit Systems
  • Windows 10 Version 1909 for ARM64-based Systems
  • Windows 10 Version 1909 for x64-based Systems

Update KB4551762 is causing issues

The problem is that this update causes installation errors for some users. I had pointed out such problems in the blog post Windows 10: KB4551762 causes error 0x800f0988/0x800f0900. Bleeping Computer has collected more errors in this article.

Blog reader EP points out in this comment further issues with printing, caused by the update. At askwoody.com, a user also reports that his HP printers have stopped working since installing the update. There is also this entry in the HP forum, which reports something similar:

HP Envy 7640 does not print after Windows Update KB4551762

On Win 10, the HP Envy 7640 has not worked since the Windows update KB4551762 (no error, the spooler is ok, but the printer does not print).

When I uninstall KB4551762, it's ok.

So there are users who have problems installing update KB4551762 or who run into issues after installing it. However, a system without the update remains exposed to the vulnerability.



48,000 Windows hosts vulnerable via CVE-2020-0796

After an Internet-wide scan, researchers from cyber security firm Kryptos Logic discovered approximately 48,000 Windows 10 hosts vulnerable to attacks targeting the CVE-2020-0796 (Pre-Auth Remote Code Execution) vulnerability found in Microsoft Server Message Block 3.1.1 (SMBv3).

Bleeping Computer discussed this in this article. In the meantime, the first proof-of-concept (PoC) examples that exploit the vulnerability have also been published. On GitHub you can find PoC examples as well as scanners that can be used to scan a network for vulnerable computers.

From the above tweet I gather that about 300 sources are currently scanning the Internet for Windows systems vulnerable to CVE-2020-0796 (SMBGhost).

Similar articles:
Windows SMBv3 0-day vulnerability CVE-2020-0796
Windows 10: Patch for SMBv3 Vulnerability CVE-2020-0796
Windows 10: KB4551762 causes error 0x800f0988/0x800f0900
A Scanner for Windows SMBv3 Vulnerability CVE-2020-0796

