We have been made aware of a new vulnerability – officially known in the industry as CVE-2020-0796, but currently being referred to as either ‘EternalDarkness’ or ‘SMBGhost’ – which affects Windows 10 and Windows Server 2019 (and is potentially able to affect Windows 8 and Windows Server 2016, 2012r2 and 2012 operating systems).
A feature which is intended to improve the performance of file sharing over a network is allowing the basic system security to be circumvented.
A hacker is able to run code with administrator level access, which can then take control of a remote system. Once in, the vulnerability is “wormable”, which means that it can move from machine to machine (affecting both PCs and servers) within a company, causing damage as it goes.
This is a serious vulnerability, and Microsoft are working on a formal security patch, which is yet to be released.
While it’s being worked on, we are following the industry’s advice to implement a workaround to secure our clients’ systems.
This involves configuring servers and workstations to ensure that they do not use or accept the potentially dangerous data and allows file sharing via a more secure, albeit slightly slower method, to be completed properly.
If you’re a projectfive customer and you’re on our Device Management service, we began rolling out a script to force through this change yesterday, to ensure that you are protected.
If you’re not on our Device management service and you have any concerns, please contact your Client Account Manager or Technical Account Manager and we’ll be happy to advise and help.