SMBGhost Vulnerability (CVE-2020-0796)

By Prathap, published on 31 Aug 2020

SMBGhost affects the latest version of the Server Message Block (SMB) protocol.

SMB is a Windows service used for remote file and printer sharing. The vulnerability is caused by incorrect handling of data compression in the protocol.

This could allow an attacker to gain remote access to the vulnerable system or crash the server. SMBGhost affects both the SMB server and the SMB client.

So the attacker can either get access to vulnerable SMB services, or could set up their own malicious server and compromise the machines connected to it by convincing unsuspecting users to connect.

Affected Operating Systems:

  • Windows 10 Version 1903 for 32-bit Systems
  • Windows 10 Version 1903 for ARM64-based Systems
  • Windows 10 Version 1903 for x64-based Systems
  • Windows 10 Version 1909 for 32-bit Systems
  • Windows 10 Version 1909 for ARM64-based Systems
  • Windows 10 Version 1909 for x64-based Systems
  • Windows Server, version 1903 (Server Core installation)
  • Windows Server, version 1909 (Server Core installation)

Impact

If exploitation succeeds, either the server crashes or the attacker gets a remote session on the vulnerable machine.

Mitigation Or Precaution

We recommend mitigating SMBGhost by patching all devices as per the Microsoft advisory.

Also, use firewall policies to avoid exposing the SMB service to external connections. Another workaround is to disable SMBv3 compression.

You can disable SMBv3 compression with the PowerShell command below:

        Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force

   

You can disable the workaround with the PowerShell command below:

        Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 0 -Force
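
To confirm the workaround on a host, the function below reports whether the machine runs one of the releases listed above and whether `DisableCompression` is set to 1. It is an added example, not part of the original article or of the Microsoft advisory; the name `Get-SmbGhostWorkaroundStatus` is hypothetical, and it assumes the `ReleaseId` registry value under `HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion` identifies the Windows 10 release.

```powershell
# Added example: audit the SMBv3 compression workaround on the local host.
# Get-SmbGhostWorkaroundStatus is a hypothetical helper, not a built-in cmdlet.
function Get-SmbGhostWorkaroundStatus {
    [CmdletBinding()]
    param()

    $paramPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $verPath   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

    # Releases the article lists as affected.
    $affectedReleases = @('1903', '1909')

    # ReleaseId holds the feature release string, e.g. "1909" (assumption, see lead-in).
    $releaseId = (Get-ItemProperty -Path $verPath -Name ReleaseId `
                    -ErrorAction SilentlyContinue).ReleaseId

    # A missing DisableCompression value means the workaround was never applied,
    # so $value stays $null instead of raising an error.
    $value = (Get-ItemProperty -Path $paramPath -Name DisableCompression `
                -ErrorAction SilentlyContinue).DisableCompression

    $inScope      = $affectedReleases -contains $releaseId
    $workaroundOn = ($null -ne $value) -and ($value -eq 1)

    # Patch state is not checked here; this only reports the registry workaround.
    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        ReleaseId          = $releaseId
        AffectedRelease    = $inScope
        DisableCompression = $value
        WorkaroundApplied  = $workaroundOn
        NeedsAttention     = $inScope -and -not $workaroundOn
    }
}

Get-SmbGhostWorkaroundStatus | Format-List
```

The registry workaround applies to the SMB server side only, so an SMB client stays exposed until the host is patched.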

   

Written by Prathap, Co-founder, Director