Beware! A fully functional SMBGhost exploit will be coming soon!
A proof-of-concept remote code execution exploit for the Windows 10 "SMBGhost" vulnerability (CVE-2020-0796) was developed and presented yesterday by Yuki Koike, a researcher at Ricerca Security.
The vulnerability, which only impacts specific versions of Windows 10 and Windows Server, was found in Microsoft Server Message Block 3.1.1 and was leaked [2] during last month's Patch Tuesday after being accidentally published by a number of security vendors that are part of the Microsoft Active Protections Program.
The researcher demoed a PoC RCE exploit, published a paper [1] with all the technical details, and shared a video demo.
Should I be worried?
Mildly! Ricerca Security has decided not to share their exploit to avoid having it fall into the wrong hands:
We have decided to make our PoC exclusively available to our customers to avoid abuse by script kiddies or cybercriminals
However, if you haven't yet patched your systems against CVE-2020-0796, you should do it as soon as possible. If you can't update at the moment, Microsoft recommends disabling SMBv3 compression; please refer to my previous post [2] for technical details.
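
One way to audit and apply the compression workaround mentioned above on an SMB server. This is an added example, not code from this post or from Ricerca Security. The registry path and value name are taken from Microsoft's published workaround rather than from this page, and the function names are hypothetical.

```powershell
# Added example: audit and apply the SMBv3 compression workaround on an SMB server.
# Assumption: registry location and value name follow Microsoft's published
# workaround; they are not stated on this page.
$ParamsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$ValueName = 'DisableCompression'

function Get-SmbCompressionWorkaround {
    # Read-only check: reports whether the workaround value is present and set to 1.
    $item = Get-ItemProperty -Path $ParamsKey -Name $ValueName -ErrorAction SilentlyContinue
    $raw  = if ($null -ne $item) { $item.$ValueName } else { $null }
    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        ValuePresent        = ($null -ne $raw)
        RawValue            = $raw
        CompressionDisabled = ($raw -eq 1)
    }
}

function Enable-SmbCompressionWorkaround {
    # Sets the value only when needed; supports -WhatIf / -Confirm for change control.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    $state = Get-SmbCompressionWorkaround
    if ($state.CompressionDisabled) {
        Write-Verbose 'Workaround already in place; nothing to do.'
        return $state
    }
    if ($PSCmdlet.ShouldProcess($ParamsKey, "Set $ValueName = 1")) {
        Set-ItemProperty -Path $ParamsKey -Name $ValueName -Type DWord -Value 1 -Force
    }
    # Re-read so the caller sees the state actually on disk.
    Get-SmbCompressionWorkaround
}

# Report the current state first; applying requires an elevated session.
Get-SmbCompressionWorkaround | Format-List
# Enable-SmbCompressionWorkaround -WhatIf    # preview the change
# Enable-SmbCompressionWorkaround -Verbose   # apply it
```

The workaround covers the SMB server role only and does not protect SMB clients, so it is a stopgap until the patch is installed.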