Spooky season is in full swing, and we’re not just talking about Halloween. Security vulnerabilities can range from tiny errors to large-scale gaps in protection, and all have different consequences. We put together a list of some of the scariest vulnerabilities of the year (the tricks!) and the remediation solutions that can help you stay on guard in the future (the treats!).
The Trick: SMBghost is a buffer overflow vulnerability when compression is enabled in Microsoft SMB Servers. The vulnerability is due to an error when the vulnerable software handles a maliciously crafted compressed data packet. A remote, unauthenticated attacker can exploit this to execute arbitrary code within the context of the application. Yikes!
The impact that the exploitation of this vulnerability has is very high, due to this having the ability to be exploited remotely and the sense that it grants system-level access in kernel mode. This vulnerability has also been deemed as wormable, which makes it a priority for attackers to utilize.
The Treat: Though the attacker value is very high, most AttackerKB users have noted that the vuln’s exploitability is relatively low. Microsoft has since released a patch for this vulnerability and suggests that users take proper precaution when enabling compression within SMB. Now, with many knowledge workers still stuck at home thanks to the pandemic, and therefore not spending a lot of time hanging out in SMB-heavy environments, this sequestration might actually be limiting the value of this and other SMB vulnerabilities—maybe working from home might actually be good for security!
The Trick: A remote code e ..
Support the originator by clicking the read the rest link below.
