Vulnerabilities in earlier versions of Microsoft Server Message Block (SMB) were used by the EternalBlue and EternalRomance exploits, notoriously utilised in the 2017 outbreaks of the WannaCry and NotPetya ransomware. These ransomware attacks were responsible for disrupting the National Health Service in the United Kingdom and crippling transportation, automotive and telecommunications companies in Europe.
Similar to these previous exploits, EternalDarkness is believed to be ‘wormable’, meaning it could be developed having the ability to propagate or ‘worm’ through vulnerable computer systems automatically, requiring no user interaction at all.
The ACSC is currently not aware of any publicly available exploits for the EternalDarkness vulnerability at this time, however it is likely one will be developed in the near future.
Recommendations
It is important that organisations and individuals operating older versions of Windows systems install Windows’ security vulnerability patch CVE-2020-0796, available at CVE-2020-0796 | Windows SMBv3 Client/Server Remote Code Execution Vulnerability
The affected version of Windows operating system include:
- Windows 10 Version 1903 for 32-bit Systems
- Windows 10 Version 1903 for ARM64-based Systems
- Windows 10 Version 1903 for x64-based Systems
- Windows 10 Version 1909 for 32-bit Systems
- Windows 10 Version 1909 for ARM64-based Systems
- Windows 10 Version 1909 for x64-based Systems
- Windows Server, version 1903 (Server Core installation)
- Windows Server, version 1909 (Server Core installation)
The ACSC recommends always installing manufacturers’ updates as soon as possible.
Further information
Further information about CVE-2020-0796 (EternalDarkness) can be found within Microsoft’s advisory.
Details on this vulnerability will be posted on MITRE’s CVE website.
To report a cybercrime, visit cyber.gov.au/report