CVE-2022-37958 The new EternalBlue, What you need to know!

Vulnerability Description:

A previously discovered Microsoft system issue was raised to a Critical vulnerability on December 13th when it was discovered that the issue could be exploited to achieve Remote Code Execution on Windows systems.

TLDR: Patch all your Windows systems ASAP starting with those that are internet facing.

Key details:

• Exploits are available See Tweet from user Chompie1337 with POC HERE

• Vulnerability is Wormable

• Wide spread exploitation is expected

• Vulnerable services makes for a large attack surface

• Internet facing systems are the first targets Shodan Search

Vulnerable services:

1. Common Internet File System - CIFS

2. Server Message Block - SMB

3. Web Services like IIS - HTTP

4. Remote Desktop Protocol - RDP

5. Remote Procedure Call Extensions - RPC

6. Simple Message Transfer Protocol - SMTP

7. Lightweight Directory Access Protocol - LDAP

Remediation/Fix:

Update Windows based systems with the September 2022 patch or any subsequent superseded patch see patch details HERE. Links/References:

• https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37958

• https://securityintelligence.com/posts/critical-remote-code-execution-vulnerability-spnego-extended-negotiation-security-mechanism/

• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37958

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37958

• https://arstechnica.com/information-technology/2022/12/critical-windows-code-execution-vulnerability-went-undetected-until-now/