Hypervisor Introspection blocks EternalDarkness/SMBGhost Privilege Escalation Exploit (CVE-2020-0796)


EternalDarkness, also known as SMBGhost, is the latest vulnerability affecting the Microsoft SMB protocol. It was first reported in March 2020.
This is a high-severity threat because SMB vulnerabilities are very often adopted quickly by “wormified” malicious attacks. As of publishing this post, PoCs exist for DoS and local privilege escalation.
Bitdefender Hypervisor Introspection stops the local privilege escalation 0-day attack without any additional configuration or updates. See the demo below. A recently reported Windows SMB v3 vulnerability could lead to widespread malware proliferation. Microsoft published a Security Advisory on March 10th, 2020, acknowledging a new remote code execution vulnerability in the SMBv3 protocol that affects both servers and clients. The advisory was initially released without any mitigations available, while a patch was released within a few days. The vulnerability is known to affect Windows 10 and Windows Server 2019 Core, versions 1903 and 1909, across x86 and ARM microarchitectures.
This type of vulnerability sends shivers down the infosec practitioner’s spine. It kicks off the race to patch, to test security controls, and to implement mitigating measures before mass exploitation ensues. Hopefully by now, everyone has patched all vulnerable systems.
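For the patch-and-mitigate race the post describes, the first question on any Windows host is whether it belongs to an affected release and whether the interim mitigation is in place. The following PowerShell script is an added example, not code from the original post or from Bitdefender. It assumes that builds 18362 and 18363 correspond to Windows 10 / Server 2019 versions 1903 and 1909, and it relies on the `DisableCompression` DWORD under `LanmanServer\Parameters`, which is the server-side workaround Microsoft published for this advisory; both of those are facts outside the page and are labelled as such in the comments.

```powershell
# Added example (not from the original post): assess one Windows host's exposure
# to CVE-2020-0796 (SMBGhost) from a defender's point of view.
# Assumptions: builds 18362/18363 map to versions 1903/1909, and the
# DisableCompression DWORD under LanmanServer\Parameters is the server-side
# workaround from Microsoft's advisory. Run in an elevated PowerShell session.

$LanmanServerParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-SmbGhostExposure {
    [CmdletBinding()]
    param()

    # OS build and update revision (UBR) identify release and patch level.
    $os      = Get-CimInstance -ClassName Win32_OperatingSystem
    $build   = [int]$os.BuildNumber
    $ubr     = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').UBR
    # Assumption: 18362 = version 1903, 18363 = version 1909 (the releases named in the post).
    $affectedRelease = $build -in @(18362, 18363)

    # Workaround state: SMBv3 compression disabled on the server side.
    $value = Get-ItemProperty -Path $LanmanServerParams -Name DisableCompression -ErrorAction SilentlyContinue
    $compressionDisabled = ($null -ne $value -and $value.DisableCompression -eq 1)

    # Is the SMB server actually listening on TCP 445 on this host?
    $smbListening = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue)

    # Summarise what a responder should do next. The patch level itself must be
    # confirmed against Microsoft's update history; this script does not encode a KB number.
    if (-not $affectedRelease) {
        $exposure = 'Not an affected release'
    } elseif ($compressionDisabled) {
        $exposure = 'Workaround applied; still confirm the security update is installed'
    } else {
        $exposure = 'Affected release without workaround; confirm patch level or apply workaround'
    }

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        OSBuild             = "$build.$ubr"
        AffectedRelease     = $affectedRelease
        CompressionDisabled = $compressionDisabled
        Smb445Listening     = $smbListening
        Exposure            = $exposure
    }
}

function Set-SmbGhostWorkaround {
    # Applies the server-side workaround: disable SMBv3 compression.
    # Caveat (from Microsoft's advisory): this protects the SMB server role only;
    # SMB clients are not protected by this setting, so patching is still required.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    if ($PSCmdlet.ShouldProcess($LanmanServerParams, 'Set DisableCompression = 1')) {
        Set-ItemProperty -Path $LanmanServerParams -Name DisableCompression -Type DWord -Value 1 -Force
    }
}

# Usage: report first, then decide whether to apply the workaround.
Get-SmbGhostExposure | Format-List
# Set-SmbGhostWorkaround -WhatIf   # preview; drop -WhatIf to apply
```

Running the report across a fleet (for example via `Invoke-Command`) gives an inventory of which hosts are on an affected release, which already have compression disabled, and which still expose port 445, which is the information needed to prioritise patching. The workaround function is deliberately separate and supports `-WhatIf`, because disabling compression is a change to production SMB behaviour that should be reviewed before it is pushed.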
The SMB Can of Worms
It usually doesn’t take long for attackers to “wormify” exploitable remote code execution vulnerabilities in services commonly exposed to the internal network or the outside world. One example is SMB, the Microsoft Server Message Block protocol.
Looking back, we’ve seen just how damaging this level of attack automation can be, specifically around SMB vulnerabilities. The following is a highlight reel, of sorts.