Proof of Concept Exploit Released for Critical SMBGhost Windows 10 SMBv3 Vulnerability
A functional proof of concept (PoC) exploit for a critical remote code execution vulnerability in the Microsoft Server Message Block 3.1.1 (SMBv3) protocol has been released and is being used by malicious cyber actors to attack vulnerable systems, according to an alert issued by the DHS Cybersecurity and Infrastructure Security Agency (CISA).
The vulnerability, referred to as SMBGhost, is due to the way the SMBv3 protocol handles certain requests. If exploited, a malicious cyber actor could remotely execute code on a vulnerable server or client by sending a specially crafted packet to a targeted SMBv3 server. An attack against a client would also be possible if an attacker configured a malicious SMBv3 server and convinced a user to connect to it.
The vulnerability could be exploited to...