MS08-067: This vulnerability was discovered in 2008 and affects Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems. It allows for remote code execution on systems running vulnerable versions of SMB. It was widely exploited by malware such as Conficker. Microsoft released a patch for this vulnerability, so it is important to ensure that affected systems have been patched to protect against this exploit.
EternalBlue: This exploit, developed by the National Security Agency (NSA), takes advantage of a vulnerability in the way SMB version 1 (SMBv1) handles certain requests. It can be used to remotely execute code on vulnerable systems. The exploit was leaked in 2017 and was subsequently used in the WannaCry and NotPetya ransomware attacks. Microsoft released a patch for this vulnerability, so it is important to ensure that affected systems have been patched to protect against this exploit.
BlueKeep: This vulnerability, discovered in 2019, allows for remote code execution on systems running vulnerable versions of SMBv3. It is similar to MS08-067 and is considered highly critical. Microsoft released a patch for this vulnerability, so it is important to ensure that affected systems have been patched to protect against this exploit.
DejaBlue: A set of 3 new vulnerabilities in SMB v3.1.1 that allow attackers to execute code, crash systems, or cause denial of service (DoS) on unpatched Windows systems.
SMBLoris: A denial-of-service attack that exploits a design flaw in the SMB protocol. By sending a small number of specially crafted SMB requests to a target server, an attacker can cause the server to consume all of its available resources, making it unavailable to other clients.
SMBGhost: A vulnerability that affects the SMBv3 protocol and allows an attacker to run arbitrary code on a vulnerable system with elevated privileges. It was discovered in March 2020, affects Windows 10 and Windows Server versions 1903 and 1909, and was later patched by Microsoft.
SMBv3 RCE (CVE-2020-0796): A security vulnerability in the SMBv3 protocol. It allows an attacker to execute arbitrary code on a vulnerable system by sending a specially crafted packet to the targeted SMBv3 server. This vulnerability was discovered in March 2020 and patched by Microsoft.
SMBv1 RCE (CVE-2017-0143): This SMBv1 remote code execution (RCE) vulnerability is present in Windows 7, Windows Server 2008 R2, and Windows Server 2008. It allows an attacker to execute malicious code on the targeted system by sending it a specially crafted SMBv1 packet.
SMBv1 RCE (CVE-2017-0146): This vulnerability allows an attacker to execute arbitrary code on the target machine with the privileges of the target service, which runs with SYSTEM privileges.
SMBv1 RCE (CVE-2017-0148): This vulnerability allows an attacker to execute arbitrary code on the target machine with the privileges of the target service, which runs with SYSTEM privileges.
SMBv3 RCE (CVE-2020-1206): This vulnerability allows a remote attacker to execute arbitrary code on vulnerable Windows 10 and Windows Server systems via a malicious SMBv3 packet. It can be exploited with the help of infected removable devices.
SMBv3 RCE (CVE-2020-1201): This vulnerability allows an attacker to execute arbitrary code on vulnerable Windows 10 and Windows Server systems via a malicious SMBv3 packet.
It is highly recommended to check your systems and patch them with the latest security updates.
It's important to note that this list may not be exhaustive, as new vulnerabilities are discovered and patched regularly. It is also important to keep your systems updated with the latest patches and to use firewalls and other security measures to limit the attack surface of your systems.
Additionally, limiting the SMB service to trusted networks only can also be a good step.
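One way to apply the firewall and trusted-network advice above on a single Windows host, as an added example that is not part of the original page: the script reports which SMB dialect families the server accepts, lists enabled inbound allow rules covering TCP 445, and narrows any rule open to every source. The `$TrustedNets` parameter and its `10.20.0.0/16` value are constructed placeholders.

```powershell
# Added example: audit and scope inbound SMB (TCP 445) on one Windows host.
# $TrustedNets is a constructed placeholder; substitute your own client ranges.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string[]]$TrustedNets = @('10.20.0.0/16')
)

# Report which SMB dialect families the server service currently accepts.
$cfg = Get-SmbServerConfiguration
Write-Output "SMB1 enabled: $($cfg.EnableSMB1Protocol)  SMB2/3 enabled: $($cfg.EnableSMB2Protocol)"

# Find enabled inbound allow rules whose port filter includes TCP 445.
$smbRules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $port.Protocol -eq 'TCP' -and @($port.LocalPort) -contains '445'
    }

foreach ($rule in $smbRules) {
    $remote = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
    $openToAny = $remote -contains 'Any'

    # One row per rule so the current exposure is visible before anything changes.
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Profile       = $rule.Profile
        RemoteAddress = $remote -join ','
        OpenToAny     = $openToAny
    }

    # Narrow rules that accept SMB from any source to the trusted ranges only.
    $action = "Set RemoteAddress to $($TrustedNets -join ',')"
    if ($openToAny -and $PSCmdlet.ShouldProcess($rule.DisplayName, $action)) {
        $rule | Set-NetFirewallRule -RemoteAddress $TrustedNets
    }
}
```

Save it as a script and run it from an elevated prompt with `-WhatIf` first to see which rules would be changed. Rules delivered by Group Policy have to be scoped in the policy itself rather than on the host.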