The US Cybersecurity and Infrastructure Security Agency (CISA) issued a warning that hackers are actively exploiting a previously patched flaw in Windows 10 that goes by multiple names, among them Eternal Darkness and SMBGhost. Both sound ominous, and for good reason. If left unpatched, an attacker could gain unauthorized remote access to a target system and wreak havoc.
Microsoft actually issued an out-of-band patch for this vulnerability in March, meaning it arrived separately from any scheduled Patch Tuesday updates that are pushed out the second Tuesday of every month. Out-of-band patches are typically reserved for security issues that demand immediate attention.
In this case, the flaw has to do with the Server Message Block (SMB) protocol in Windows 10. It’s basically a network file sharing protocol that offers shared access to files, printers, and other resources between PCs on a network.
Eternal Darkness/SMBGhost affects version 3.11 of the protocol, which, as ThreatPost points out, is the same version that was targeted by the WannaCry ransomware a couple of years ago. And like WannaCry, it has the ability to ‘worm’ its way through a network to quickly infect multiple PCs.
This was a pain 😂. But I was able to achieve RCE with CVE 2020-0796 #SMBGhost. pic.twitter.com/mvQ0YQt9GT (June 1, 2020)
Even though this was patched in March, a user on Twitter recently posted a proof-of-concept exploit to GitHub that allows an attacker to execute malicious code remotely, along with a video showcasing the exploit. This code has been used in the wild to attack Windows 10 PCs that have not been patched recently.
“Although Microsoft disclosed and provided updates for this vulnerability in March 2020, malicious cyber actors are targeting unpatched systems with the new PoC, according to recent open-source reports. CISA strongly recommends using a firewall to block SMB ports from the internet and to apply patches to critical- and high-severity vulnerabilities as soon as possible,” CISA said.
If you have not run Windows Update in a while, you should do so right now to ensure you have the patch installed. You could also apply the May 2020 Update for Windows 10 (version 2004) if you have been putting that off, as the flaw does not affect the latest release. Just be sure to back up your important files first in case something goes wrong.