Over 100,000 machines remain vulnerable to SMBGhost exploitation

From welivesecurity.com

Although Microsoft issued a patch for the critical SMBGhost vulnerability in the Server Message Block (SMB) protocol back in March, over 100,000 machines remain susceptible to attacks exploiting the flaw. This wormable Remote Code Execution (RCE) vulnerability could allow black hats to spread malware across machines without any need for user interaction.

The severity of the bug affecting Windows 10 and Windows Server (versions 1903 and 1909) should have convinced everybody to patch their machines immediately. However, according to Jan Kopriva, who disclosed his findings on the SANS ISC Infosec Forums, that doesn’t seem to be the case.

“I’m unsure what method Shodan uses to determine whether a certain machine is vulnerable to SMBGhost, but if its detection mechanism is accurate, it would appear that there are still over 103 000 affected machines accessible from the internet. This would mean that a vulnerable machine hides behind approximately 8% of all IPs which have port 445 open,” Kopriva said.

Read more…