| CVE identifier(s) | CVE-2020-0796[1] |
|---|---|
| Date discovered | 4 November 2019; 5 years ago (2019-11-04)[1] (note: date cve "assigned") |
| Date patched | 10 March 2020[1][2][3] |
| Discoverer | Malware Hunter Team[4][1] |
| Affected software | Windows 10 version 1903 and 1909, and Server Core installations of Windows Server, versions 1903 and 1909[5] |
SMBGhost (orSMBleedingGhost orCoronaBlue) is a type ofsecurity vulnerability, withwormlike features, that affectsWindows 10 computers and was first reported publicly on 10 March 2020.[1][2][3][5][6][7][8][9]
Aproof of concept (PoC)exploit code was published 1 June 2020 onGitHub by a security researcher.[8][10] The code could possibly spread to millions of unpatched computers, resulting in as much as tens of billions of dollars in losses.[3]
Microsoft recommends all users of Windows 10 versions 1903 and 1909 and Windows Server versions 1903 and 1909 to install patches, and states, "We recommend customers install updates as soon as possible as publicly disclosed vulnerabilities have the potential to be leveraged by bad actors ... An update for this vulnerability was released in March [2020], and customers who have installed the updates, or have automatic updates enabled, are already protected."[3] Workarounds, according to Microsoft, such as disabling SMB compression and blocking port 445, may help but may not be sufficient.[3]
According to the advisory division ofHomeland Security, "Malicious cyber actors are targeting unpatched systems with the new [threat], ... [and] strongly recommends using a firewall to block server message block ports from the internet and to apply patches to critical- and high-severity vulnerabilities as soon as possible."[3]
{{cite news}}: CS1 maint: numeric names: authors list (link)
