If you haven’t patched since March 10th, it would be an excellent idea to do so as quickly as possible. Recently, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued a dire warning concerning a newly discovered security flaw.
The flaw is known as SMBGhost or, by its more colorful name, “Eternal Darkness”. It was discovered by security analysts, and a crude proof of concept was created by a researcher who goes by the online alias ‘Chompie.’
Although the proof of concept was pieced together quickly and is not well optimized, it works and allows for fairly consistent remote code execution. That is a fancy way of saying that hackers can use the exploit to compromise machines connected to the internet without being in close physical proximity.
As Chompie reports:
“This has not been tested outside of my lab environment. It was written quickly and needs some work to be more reliable. Using this for any purpose other than self-education is an extremely bad idea. Your computer will burst in flames. Puppies will die.”
Although the flaw isn’t quite that bad, it poses some serious concerns for IT security professionals. The good news is that although Windows 10 builds 1903 and 1909 are both vulnerable, older and newer versions of Windows 10 are not. So if you’re running either of the above, patch now to avoid the possibility of seeing your system compromised.
According to the DHS warning:
“Malicious cyber actors are targeting unpatched systems with the new PoC according to recent open-source reports. CISA strongly recommends using a firewall to block SMB ports from the internet and to apply patches to critical- and high-severity vulnerabilities as soon as possible.”
Make sure this one’s high on your list of priorities.