Security News > 2020 > June > SMBGhost Attacks Spotted Following Release of Code Execution PoC
The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency has warned Windows users that a recently released proof-of-concept exploit for the vulnerability tracked as SMBGhost has been abused to launch attacks.
The flaw affects Windows 10 and Windows Server and it can be exploited for denial-of-service attacks, local privilege escalation, and arbitrary code execution.
Last week, a researcher who uses the online moniker Chompie released an SMBGhost exploit for remote code execution.
Chompie said the PoC was not reliable and that it would often cause the system to crash, but several experts have confirmed that the remote code execution exploit works.
Researchers previously warned that various pieces of malware had been exploiting SMBGhost to escalate privileges and spread locally, but it now appears that the vulnerability is also being exploited for remote code execution.
News URL
Related news
- Over 660,000 Rsync servers exposed to code execution attacks (source)
- New Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle Attack (source)
- whoAMI attacks give hackers code execution on Amazon EC2 instances (source)
- SonicWall firewall bug leveraged in attacks after PoC exploit release (source)
- New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution (source)