Windows 10 Critical Exploit 2020

SMBGhost is a fully wormable vulnerability that could enable remote and arbitrary code execution and, ultimately, control of the targeted system if a successful attack was launched. The vulnerability, in Microsoft's Server Message Block 3.1.1, allows for a maliciously constructed data packet sent to the server to kick off the arbitrary code execution.


Such an attack would require both an unpatched and vulnerable Windows 10 or Windows Server Core machine and, crucially, working and available exploit code. The former should have been sorted by the emergency update being applied automatically, but that assumes every device at risk would have automatic updates enabled.


This is not the case, for a myriad of reasons, and leaves systems and data exposed.


Especially seeing as the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has just confirmed that it is aware of "publicly available and functional" proof of concept (PoC) exploit code.


What's more, the CISA posting warns, "malicious cyber actors are targeting unpatched systems with the new PoC, according to recent open-source reports."