SMBGhost affects the latest version of the Server Message Block (SMB) protocol.
SMB is a Windows service used for remote file and printer sharing. The vulnerability is caused by incorrect handling of data compression in the protocol.
This could allow an attacker to gain remote access to the vulnerable system or to crash the server. SMBGhost affects both the SMB server and the SMB client.
An attacker can therefore either gain access to vulnerable SMB services directly, or set up their own malicious server and compromise the systems that connect to it by convincing unsuspecting users to connect.
If exploitation succeeds, either the server crashes or the attacker gets a remote session on the vulnerable machine.
We recommend mitigating SMBGhost by patching all devices as per the Microsoft advisory.
Also, use firewall policies to keep the SMB service from being discoverable by external connections. Disabling SMBv3 compression is available as a workaround as well.
You can disable SMBv3 compression with the PowerShell command below:
You can disable the workaround with the PowerShell command below.
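
An added example, not part of the original page: a PowerShell helper that reports, applies and reverts the SMBv3 compression workaround on the SMB server. It assumes the `DisableCompression` registry value under the LanmanServer parameters key, as described in Microsoft's published workaround; the function names are hypothetical.

```powershell
# Added example; function names are hypothetical.
# Assumption: the workaround is the DisableCompression DWORD under the
# LanmanServer parameters key (per Microsoft's published guidance).
$SmbServerParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-SmbCompressionWorkaround {
    # Returns $true when server-side SMBv3 compression is disabled.
    $prop = Get-ItemProperty -Path $SmbServerParams -Name DisableCompression `
        -ErrorAction SilentlyContinue
    return ($null -ne $prop -and $prop.DisableCompression -eq 1)
}

function Set-SmbCompressionWorkaround {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][bool]$Enabled)

    # 1 = compression disabled (workaround on), 0 = compression enabled (workaround off)
    $value = if ($Enabled) { 1 } else { 0 }
    if ($PSCmdlet.ShouldProcess($SmbServerParams, "Set DisableCompression=$value")) {
        Set-ItemProperty -Path $SmbServerParams -Name DisableCompression `
            -Type DWord -Value $value -Force
    }
    # Read back so the caller sees the effective state, not the requested one.
    return Get-SmbCompressionWorkaround
}

# Apply the workaround if it is not already in place (run from an elevated prompt).
if (-not (Get-SmbCompressionWorkaround)) {
    Set-SmbCompressionWorkaround -Enabled $true | Out-Null
}
"SMBv3 compression disabled on server: $(Get-SmbCompressionWorkaround)"

# Revert the workaround once the patch is installed:
# Set-SmbCompressionWorkaround -Enabled $false
```

The setting takes effect without a reboot, but it only covers the SMB server role and does not protect SMB clients, so patching remains the actual fix.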