Microsoft released an emergency security patch on March 12th to correct a critical vulnerability in Server Message Block (SMB) version 3, which is used for file sharing and other core network capabilities in Windows 10 and Windows Server 2019. Attackers who exploit this vulnerability against unpatched servers could spread the infection quickly from server to server throughout a corporate environment without any user interaction, referred to as a network worm attack. Attackers could also set up a malicious SMB server and attempt to trick people into connecting to it by sending a link in a phishing email message to compromise unpatched Windows 10 workstations. A combination of these attack vectors could target employee workstations to gain an initial foothold in a company’s network and then spread to all the servers. Sophos Labs has developed, but not released, a proof-of-concept exploit for CVE-2020-0796, so it is likely that threat actors will not be far behind in developing or stealing an exploit.
With all the news around COVID-19/Coronavirus, the average person is turning to the internet for