Homeland Security: Hackers Targeting Windows 10 Vulnerability

The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) released the warning last week.
Published: June 11, 2020

U.S. cybersecurity officials are warning of a three-month-old Windows 10 vulnerability and proof-of-concept code that could allow a bad actor to execute code on a compromised machine.

Malicious cyber actors are targeting unpatched systems with the new proof of concept code, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) says in a warning.

CISA recommends using a firewall to block SMB ports from the internet and to apply patches to critical and high-severity vulnerabilities as soon as possible.
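The two mitigations in that recommendation, as an added PowerShell example (not from the article, CISA or Microsoft): verify the fix is installed and block inbound SMB from untrusted networks. It assumes SMB listens on TCP 445; the KB number is a placeholder to be taken from Microsoft's CVE-2020-0796 advisory for the host's build.

```powershell
#Requires -RunAsAdministrator
# Added example: check and apply the mitigations CISA describes for
# CVE-2020-0796 (SMBGhost) on a Windows 10 / Windows Server host.
# Assumption: SMB is served on TCP 445. $PatchKb is a PLACEHOLDER;
# replace it with the KB id Microsoft lists for this CVE and OS build.

$PatchKb = 'KB0000000'   # placeholder, see lead-in
$SmbPort = 445

# 1. Patch status. A missing hotfix does not prove the host is vulnerable:
#    a later cumulative update may have superseded it, so report "verify".
$hotfix = Get-HotFix -Id $PatchKb -ErrorAction SilentlyContinue
if ($hotfix) {
    "$PatchKb installed on $($hotfix.InstalledOn)"
} else {
    "$PatchKb not listed - confirm the build via Windows Update history"
}

# 2. Firewall: block inbound SMB on the Public profile, i.e. "block SMB
#    ports from the internet". Domain/Private file sharing is left alone.
#    Idempotent: the rule is only created if it does not already exist.
$ruleName = 'Block inbound SMB 445 (Public)'
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort $SmbPort -Profile Public -Action Block | Out-Null
    "Created firewall rule '$ruleName'"
} else {
    "Firewall rule '$ruleName' already present"
}

# 3. Exposure check: list anything still listening on 445 so the operator
#    can judge what the firewall rule is protecting until the patch lands.
Get-NetTCPConnection -LocalPort $SmbPort -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess
```

Run it in an elevated PowerShell session; the firewall rule can be removed later with `Remove-NetFirewallRule -DisplayName 'Block inbound SMB 445 (Public)'`.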

According to Forbes, Microsoft disclosed and provided updates for the vulnerability in March, but unpatched systems are being targeted with the new proof-of-concept code.


The vulnerability is called CVE-2020-0796, but it’s better known as SMBGhost, the publication says.

“CVE-2020-0796, better known today as SMBGhost, was thought so dangerous were it to be weaponized that it merited that rarest of common vulnerability scoring system (CVSS) ratings: a ‘perfect’ 10. Microsoft was quick to act. It issued an emergency out-of-band fix within days,” reports Forbes. “SMBGhost is a fully wormable vulnerability that could enable remote and arbitrary code execution and, ultimately, control of the targeted system if a successful attack was launched. The vulnerability, in Microsoft’s Server Message Block 3.1.1, allows for a maliciously constructed data packet sent to the server to kick off the arbitrary code execution.”

However, because not every at-risk device was updated automatically, some machines remain exposed, according to Forbes.

“Such an attack would require both an unpatched and vulnerable Windows 10 or Windows Server Core machine and, crucially, working and available exploit code,” Forbes continues. “The former should have been sorted by the emergency update being applied automatically, but that assumes every device at risk would have automatic updates enabled. This is not the case, for a myriad of reasons, and leaves systems and data exposed.”

What IT administrators should do:


This article originally ran on our sister publication My TechDecisions.
