Tenable, has released plugins for EternalDarkness (CVE-2020-0796), a “wormable” remote code execution (RCE) vulnerability in Microsoft Server Message Block 3.1.1 (SMBv3). The flaw would grant attackers arbitrary code execution in both SMB Server and SMB Client.
Details about the flaw were mistakenly disclosed earlier this week in a security vendor’s Microsoft Patch Tuesday blog post. Microsoft subsequently acknowledged the vulnerability publicly and published an advisory for it.
“This vulnerability is unique in a few ways, most notably the accidental disclosure and out-of-band patch. Microsoft rarely releases patches outside of its normal patch cycle, so this update should be taken very seriously,” said Renaud Deraison, co-founder and CTO, Tenable. “We implore organizations to patch their systems immediately as we’ve already seen proof-of-concept scripts to identify vulnerable instances, as well as attempts to exploit the flaw.”
Microsoft has released software updates to address CVE-2020-0796. Tenable urges customers to apply updates immediately. A list of Tenable plugins to identify the vulnerability is available here.