Researchers have released proof-of-concept (PoC) exploits showing how the Windows vulnerability tracked as SMBGhost and CVE-2020-0796 can be exploited for local privilege escalation.
Microsoft says the bug, patched in an out-of-band update on March 12, can be exploited for remote code execution on SMB clients and servers. The critical flaw, which lies in how SMB 3.1.1 handles certain requests and has been described as “wormable,” affects versions 1903 and 1909 of Windows 10 and Windows Server.
Attacking an SMB server requires the attacker to send specially crafted packets to it. To attack a client, the attacker has to convince the target user to connect to a malicious SMBv3 server.
Researchers have developed tools to scan for vulnerable servers and have released PoC exploits that cause a DoS condition. No PoC for remote code execution is public yet, but ZecOps has created and published a PoC showing that SMBGhost can be used to escalate privileges to SYSTEM.
We’ve just finished our first internet wide scan for CVE-2020-0796 and have identified 48000 vulnerable hosts. We’ll be loading this data into Telltale for CERTs and organisations to action. We’re also working on a blog post with more details (after patch).
— Kryptos Logic (@kryptoslogic) March 12, 2020
Researchers Daniel García Gutiérrez and Manuel Blanco Parajón have also released an SMBGhost PoC that escalates privileges to SYSTEM.