Microsoft claims the bug patched in an out-of-band update on March 12 can be used on SMB clients and servers for remote code execution. The critical flaw of how SMB 3.1.1 manages such requests, which is described as “swordable,” affects the 1903 and 1909 release of Windows 10 and Windows Server. Attacking SMB servers demands that the attacker send different packets to the network. The attacker has to convince the target user to connect to a compromised SMBv3 server for customers. Researchers have developed tools to scan compromised servers and have released PoC exploits to achieve a DoS state. A PoC is not yet public for the remote code execution, but ZecOps has created and published a PoC showing that SMBGhost can be used to increase the privileges of Framework. Researchers Daniel García Gutiérrez and Manuel Blanco Parajón also provided SMBGhost PoCs to improve SYSTEM’s privileges. Researchers have released proof-of-concept (PoC) exploits to show how local privilege escalation can take advantage of the Windows vulnerability tracked as SMBGhost and CV E-2020-0796.
Microsoft claims the bug patched in an out-of-band update on March 12 can be used on SMB clients and servers for remote code execution. The critical flaw of how SMB 3.1.1 manages such requests, which is described as “swordable,” affects the 1903 and 1909 release of Windows 10 and Windows Server. Attacking SMB servers demands that the attacker send different packets to the network. The attacker has to convince the target user to connect to a compromised SMBv3 server for customers. Researchers have developed tools to scan compromised servers and have released PoC exploits to achieve a DoS state. A PoC is not yet public for the remote code execution, but ZecOps has created and published a PoC showing that SMBGhost can be used to increase the privileges of Framework.
— Kryptos Logic (@kryptoslogic) March 12, 2020 Researchers Daniel García Gutiérrez and Manuel Blanco Parajón also provided SMBGhost PoCs to improve SYSTEM’s privileges.