CVE-2020-0796 | Windows SMBv3 Client/Server Remote Code Execution Vulnerability aka 'SMBGhost' - Security Advisory

News has emerged that a new critical vulnerability in SMBv3, aka 'SMBGhost', could be the next "WannaCry" worm-like crisis. As such, here are the actions that Traveloka Security and Corporate IT are taking to resolve the vulnerability.


Summary

Vulnerable versions:

Microsoft Link: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796

 Note: There is no available information that indicates active exploitation of this vulnerability in the wild, but given the technical characteristics of the bug, it is very likely that it will be weaponized in the immediate future, which could lead to a wide range of different (and potentially wormable) attacks.


Are we affected? Yes
  Vulnerable versions of Windows found in Traveloka:


Possible Impact


Action Items

Task: https://get.tvlk.it/hc/en-us/requests/2412

 Alternatively, prior to the patch being released, Corp IT had started to roll out some precautionary measures.

 1.- Disable SMBv3 compression on all affected servers, if any.
 2.- Update the IPS rules across all our Fortinets and move this specific IPS rule to block mode.
 3.- Block all incoming traffic on port 445 from the internet (it should not be open in the first place).
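
 Step 1 can be audited and applied with the registry workaround documented in Microsoft advisory ADV200005. The script below is an added example, not part of the original advisory or of Corp IT's tooling. It assumes PowerShell remoting (WinRM) is enabled and the caller is an administrator on the targets; the function name and host names are hypothetical placeholders. Per Microsoft, this workaround protects the SMB server role only and does not protect SMB clients.

```powershell
# Added example: audit, and optionally apply, the SMBv3 compression workaround
# (DisableCompression = 1) from Microsoft advisory ADV200005.
# Assumptions: WinRM is enabled on the targets; host names below are placeholders.

$check = {
    param([bool]$Apply)
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $name = 'DisableCompression'

    # A missing value means compression is still enabled (the default).
    $before = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    if ($Apply -and $before -ne 1) {
        # Takes effect without a reboot.
        Set-ItemProperty -Path $key -Name $name -Type DWord -Value 1 -Force
    }
    $after = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

    [pscustomobject]@{
        Build               = [Environment]::OSVersion.Version.Build
        CompressionDisabled = ($after -eq 1)
        Changed             = ($before -ne $after)
    }
}

function Invoke-SmbCompressionWorkaround {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [switch]$Apply   # without -Apply the function only reports current state
    )
    foreach ($computer in $ComputerName) {
        try {
            Invoke-Command -ComputerName $computer -ScriptBlock $check `
                -ArgumentList $Apply.IsPresent -ErrorAction Stop |
                Select-Object PSComputerName, Build, CompressionDisabled, Changed
        } catch {
            # Unreachable hosts are reported rather than silently skipped.
            [pscustomobject]@{ PSComputerName = $computer; Error = $_.Exception.Message }
        }
    }
}

# Audit first; re-run with -Apply to set the value where it is missing.
Invoke-SmbCompressionWorkaround -ComputerName 'srv-example-01', 'srv-example-02'
# Invoke-SmbCompressionWorkaround -ComputerName 'srv-example-01', 'srv-example-02' -Apply
```

 Hosts that return an error or CompressionDisabled = False after the apply run still need follow-up.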


Security Advisory page : https://29022131.atlassian.net/wiki/spaces/S/pages/1294205049/CVE-2020-0796+Windows+SMBv3+Client+Server+Remote+Code+Execution+Vulnerability+aka+SMBGhost


References
 
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200005
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796
https://www.kaspersky.com/blog/smb-311-vulnerability/33991/
https://fortiguard.com/encyclopedia/ips/48773