March 13, 2020
Tenable®, Inc., the Cyber Exposure company, has released plugins for EternalDarkness (CVE-2020-0796), a “wormable” remote code execution (RCE) vulnerability in Microsoft Server Message Block 3.1.1 (SMBv3). The flaw would grant attackers arbitrary code execution in both SMB Server and SMB Client.
Details about the flaw were mistakenly disclosed earlier this week in a security vendor’s Microsoft Patch Tuesday blog post. Microsoft subsequently acknowledged the vulnerability publicly and published an advisory for it.
“This vulnerability is unique in a few ways, most notably the accidental disclosure and out-of-band patch. Microsoft rarely releases patches outside of its normal patch cycle, so this update should be taken very seriously,” said Renaud Deraison, co-founder and CTO, Tenable. “We implore organizations to patch their systems immediately as we’ve already seen proof-of-concept scripts to identify vulnerable instances, as well as attempts to exploit the flaw.”
Microsoft has released software updates to address CVE-2020-0796. Tenable urges customers to apply updates immediately. A list of Tenable plugins to identify the vulnerability is available here.
For more information about the vulnerability, read the Tenable Research blog post.
Tenable®, Inc. is the Cyber Exposure company. Over 30,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 30 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.
443-545-2102, x 1544