"Wormable" Remote Code Execution Flaw in Microsoft SMBv3 Disclosed (ADV200005)

Microsoft recently published ADV200005, a security advisory for a critical flaw in Microsoft Server Message Block 3.1.1 (SMBv3) that was accidentally disclosed in another security vendor’s blog for Microsoft’s Patch Tuesday for March.

Initially identified as CVE-2020-0796, the security vendor published details about the vulnerability before quickly removing references to it. Security researchers on Twitter managed to take a screenshot of the blog before the content was removed. After some time, Microsoft acknowledged the flaw and published their own advisory. However, Microsoft did not reference the CVE that was accidentally disclosed earlier, simply referring to it as ADV200005.

Some security researchers are calling this vulnerability EternalDarkness because of its similarity to EternalBlue, specifically CVE-2017-0144, which was used as part of the Wannacry ransomware attacks in 2017.

Please note that there is currently no patch available for this vulnerability. When a patch does become available, we will publish a follow-up.

For more information about the vulnerability, including Tenable product coverage, please visit our blog.