Security News > 2020 > June > PoC RCE exploit for SMBGhost Windows flaw released
A security researcher has published a PoC RCE exploit for SMBGhost, a wormable flaw that affects SMBv3 on Windows 10 and some Windows Server versions.
The PoC exploit is unreliable, but could be used by malicious attackers as a starting point for creating a more effective exploit.
SMBGhost has the potential to fuel attacks like the ones that brought us WannaCry and NotPetya, though more limited since those exploited a vulnerability in SMBv1 and SMBGhost is found in SMBv3.
Some security companies and researchers have created limited PoC exploits for SMBGhost, but have refrained from publishing them until the security updates fixing the flaw are more widely deployed.
Some attackers have been exploiting the flaw for local privilege escalation, but there is no indication that the flaw is being exploited for achieving remote code execution.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/jdxr1xIQQMo/
Related news
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- SonicWall firewall bug leveraged in attacks after PoC exploit release (source)
- PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159) (source)
- MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364) (source)
- APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373) (source)
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)
- CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices (source)