Almost three months ago we published an article about the accidental leak of an unpatched, wormable Windows 10 SMBGhost exploit in the SMBv3 protocol.
Today, the U.S. Government cybersecurity agency has confirmed this vulnerability and is warning Windows 10 users about ongoing malicious cyberattacks targeting systems that are still vulnerable to this three-month-old flaw.
A remote code execution flaw exists in the way Microsoft’s SMBv3 protocol handles certain requests. In short, a maliciously constructed data packet sent to the server can result in arbitrary code execution.
Even though the patch has been released, not all Windows 10 PCs have it installed, and those that do not are still vulnerable. Because this is a worm-type exploit, it can spread rapidly between vulnerable systems.
Microsoft’s security update addressing the SMBGhost vulnerability for both Windows 10 versions 1903 and 1909 can be found here.