The Cybersecurity and Infrastructure Security Agency (CISA) is aware of publicly available and functional proof-of-concept (PoC) code that exploits CVE-2020-0796 in unpatched systems. Although Microsoft disclosed and provided updates for this vulnerability in March 2020, malicious cyber actors are targeting unpatched systems with the new PoC, according to recent open-source reports. CISA strongly recommends using a firewall to block SMB ports from the internet and to apply patches to critical- and high-severity vulnerabilities as soon as possible.

CISA also encourages users and administrators to review the following resources and apply the necessary updates or workarounds.

Microsoft Security Guidance for CVE-2020-0796
Microsoft Advisory ADV200005
CERT Coordination Center’s Vulnerability Note VU#872016

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

We recently updated our anonymous product survey; we’d welcome your feedback.

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200005

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796

www.kb.cert.org/vuls/id/872016/

thn 4

myhack58 1

githubexploit 28

exploitpack 2

kitploit 3

trellix 6

prion 1

threatpost 10

nessus 4

qualysblog 4

canvas 2

packetstorm 2

cvelist 1

nvd 1

cve 1

mscve 2

openvas 1

carbonblack 1

mskb 1

metasploit 2

attackerkb 4

cisa 3

checkpoint_advisories 1

zdt 5

talosblog 1

kaspersky 1

rapid7blog 3

akamaiblog 1

cisa_kev 1

cert 1

exploitdb 3

mmpc 3

mssecure 4

hivepro 1

krebs 2

securelist 2

avleonov 5

thn

Warning — Unpatched Critical 'Wormable' Windows SMBv3 Flaw Disclosed

2020-03-11 12:16:00

Critical Patch Released for 'Wormable' SMBv3 Vulnerability — Install It ASAP!

2020-03-12 14:30:00

SMBleed: A New Critical Vulnerability Affects Windows SMB Protocol

2020-06-09 20:30:00

myhack58

Odd security letter issued to Microsoft a high-risk vulnerability warning Win10 as the main effect of the target-vulnerability warning-the black bar safety net

2020-03-14 00:00:00

githubexploit

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

2021-09-04 15:07:15

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

2020-05-12 14:41:27

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

2020-03-30 11:42:56

exploitpack

Microsoft Windows 10 (19031909) - SMBGhost SMB3.1.1 SMB2_COMPRESSION_CAPABILITIES Local Privilege Escalation

2020-03-30 00:00:00

Microsoft Windows 10 (19031909) - SMBGhost SMB3.1.1 SMB2_COMPRESSION_CAPABILITIES Buffer Overflow (PoC)

2020-03-14 00:00:00

kitploit

CVE-2020-0796 - CVE-2020-0796 Pre-Auth POC

2020-03-31 00:47:00

CVE-2020-0796 - Windows SMBv3 LPE Exploit #SMBGhost

2020-03-31 00:50:00

dazzleUP - A Tool That Detects The Privilege Escalation Vulnerabilities Caused By Misconfigurations And Missing Updates In The Windows OS

2020-07-31 12:30:00

trellix

SMBGhost – Analysis of CVE-2020-0796

2020-03-12 00:00:00

SMBGhost – Analysis of CVE-2020-0796

2020-03-12 00:00:00

Securing Space 4.0 – One Small Step or a Giant Leap? - Part 1

2020-09-30 00:00:00

prion

Remote code execution

2020-03-12 16:15:00

threatpost

‘WannaCry Hero’ Avoids Jail Time in Kronos Malware Charges

2019-07-29 13:23:34

Wormable, Unpatched Microsoft Bug Threatens Corporate LANs

2020-03-11 17:13:53

2020-03-10 20:30:36

nessus

Microsoft Windows SMBv3 Compression RCE (ADV200005)(CVE-2020-0796)(Remote)

2020-03-11 00:00:00

KB4551762: Windows 10 Version 1903 and Windows 10 Version 1909 OOB Security Update (ADV200005)(CVE-2020-0796)

2020-03-12 00:00:00

Microsoft Windows SMBv3 Compression RCE (ADV200005)(CVE-2020-0796)(Deprecated)

2020-03-11 00:00:00

qualysblog

Microsoft Windows SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796)

2020-03-11 23:38:37

Automatically Discover, Prioritize and Remediate Microsoft SMBv3 RCE Vulnerability (CVE-2020-0796) using Qualys VMDR

2020-03-16 23:34:12

March 2020 Patch Tuesday – 115 Vulns, 26 Critical, Microsoft Word and Workstation Patches

2020-03-10 19:07:42

canvas

Immunity Canvas: SMBGHOST

2020-03-12 16:15:00

Immunity Canvas: SMBGHOST_LPE

2020-03-12 16:15:00

packetstorm

Microsoft Windows SMB 3.1.1 Remote Code Execution

2020-03-15 00:00:00

SMBv3 Compression Buffer Overflow

2020-04-06 00:00:00

cvelist

CVE-2020-0796

2020-03-12 15:48:18

nvd

CVE-2020-0796

2020-03-12 16:15:15

cve

CVE-2020-0796

2020-03-12 16:15:15

mscve

Windows SMBv3 Client/Server Remote Code Execution Vulnerability

2020-03-12 07:00:00

Microsoft Guidance for Disabling SMBv3 Compression

2020-03-10 07:00:00

openvas

Microsoft Windows Server Message Block 3.1.1 RCE Vulnerability (KB4551762)

2020-03-12 00:00:00

carbonblack

Threat Analysis: CVE-2020-0796 – EternalDarkness (ghostSMB)

2020-03-17 14:14:25

mskb

March 12, 2020—KB4551762 (OS Builds 18362.720 and 18363.720) - EXPIRED

2020-03-12 07:00:00

metasploit

SMBv3 Compression Buffer Overflow

2021-04-09 18:15:05

SMBv3 Compression Buffer Overflow

2020-04-02 21:22:00

attackerkb

CVE-2020-0796 - SMBGhost

2020-03-12 00:00:00

CVE-2021-31166

2021-05-11 00:00:00

CVE-2020-1206 Windows SMBv3 Client/Server Information Disclosure Vulnerability

2020-06-09 00:00:00

cisa

Microsoft Server Message Block RCE Vulnerability

2020-03-11 00:00:00

Microsoft Releases Out-of-Band Security Updates for SMB RCE Vulnerability

2020-03-12 00:00:00

CISA Adds 15 Known Exploited Vulnerabilities to Catalog

2022-02-10 00:00:00

checkpoint_advisories

Microsoft Windows SMBv3 Remote Code Execution (CVE-2020-0796)

2020-03-11 00:00:00

zdt

Microsoft Server Message Block 3.1.1 (SMBv3) Compression Buffer Overflow Exploit

2020-04-06 00:00:00

Microsoft Windows - (SMBGhost) Remote Code Execution Exploit

2020-06-02 00:00:00

Microsoft Windows 10 (1903/1909) - SMBGhost SMB3.1.1 SMB2_COMPRESSION_CAPABILITIES Buffer Overflow

2020-03-15 00:00:00

talosblog

Microsoft Patch Tuesday — March 2020: Vulnerability disclosures and Snort coverage

2020-03-12 10:00:14

kaspersky

KLA11693 ACE vulnerability in Microsoft Windows

2020-03-12 00:00:00

rapid7blog

NICER Protocol Deep Dive: Internet Exposure of SMB

2020-09-18 15:11:21

Metasploit Wrap-Up

2021-05-28 15:42:16

Trick or Treat! What We Can Learn from the Spookiest Vulnerabilities of the Year

2020-10-29 13:59:06

akamaiblog

How To Protect Your Systems Against Critical SMB Vulnerabilities (CVE-2020-0796)

2020-03-17 20:12:00

cisa_kev

Microsoft SMBv3 Remote Code Execution Vulnerability

2022-02-10 00:00:00

cert

Microsoft SMBv3 compression remote code execution vulnerability

2020-03-11 00:00:00

exploitdb

Microsoft Windows 10 (1903/1909) - 'SMBGhost' SMB3.1.1 'SMB2_COMPRESSION_CAPABILITIES' Buffer Overflow (PoC)

2020-03-14 00:00:00

Microsoft Windows 10 (1903/1909) - 'SMBGhost' SMB3.1.1 'SMB2_COMPRESSION_CAPABILITIES' Local Privilege Escalation

2020-03-30 00:00:00

Microsoft Windows - 'SMBGhost' Remote Code Execution

2020-06-02 00:00:00

mmpc

Zerologon is now detected by Microsoft Defender for Identity

2020-11-30 17:00:20

When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks

2021-07-29 19:00:59

When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure

2021-07-22 16:00:57

mssecure

Zerologon is now detected by Microsoft Defender for Identity

2020-11-30 17:00:20

Mitigating vulnerabilities in endpoint network stacks

2020-05-04 16:00:25

When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks

2021-07-29 19:00:59

hivepro

Vulnerabilities & Threats that Matter 08 – 14th Aug

2022-08-16 05:00:49

krebs

Microsoft Patch Tuesday, June 2020 Edition

2020-06-10 02:43:20

Microsoft Patch Tuesday, April 2020 Edition

2020-04-14 22:24:10

securelist

IT threat evolution Q2 2020. PC statistics

2020-09-03 10:30:23

IT threat evolution Q1 2020. Statistics

2020-05-20 10:00:43

avleonov

Microsoft Patch Tuesday August 2022: DogWalk, Exchange EOPs, 13 potentially dangerous, 2 funny, 3 mysterious vulnerabilities

2022-08-23 00:00:26

Microsoft Patch Tuesday March 2020: a new record was set, SMBv3 “Wormable” RCE and updates for February goldies

2020-03-22 01:15:34

Microsoft Patch Tuesday April 2020: my classification script, confusing RCE in Adobe Type Manager and updates for older vulnerabilities

2020-04-26 01:24:38

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.975 High

EPSS

Percentile

100.0%

JSON

Related for CISA:9D38592E642AD30FA4BC435AC4FFC304