11 June 2020

SMBleed, SMBLost, and SMBGhost/CoronaBlue are the vulnerabilities detected in the Microsoft SMB V3 protocol this year.

Critical SMB Protocol Vulnerabilities

SMBleed/SMBGhost can be used to compromise a company network by attacking a system in the DMZ with port 445 open to the internet. Fortunately, SMBleed and SMBGhost impact only the latest Windows 10 versions. The number of Windows 10 systems directly accessible from the internet is still small.

Vulnerable Windows 10 1909 Pro Systems

Like EternalBlue, SMBLost impacts all Windows versions but is less critical because authentication (PR:L) is required.

The good news is that patches were available at the time the vulnerabilities were published. But it takes some weeks to implement them. During this time companies remain vulnerable against cyber-attacks.

Vulnerability management / priority patching is the standard approach to this kind of vulnerabilities. IT staff is kept busy, IT security solution and service providers make a good bargain, but the company’s resilience against cyber-attacks stays low. Companies can only hope that also the next SMB vulnerability is disclosed after a patch is available.

From an entrepreneurial point of view the obvious solution is to remove such systems from the internet. A risk assessment is imperative to evaluate the potential loss of sales and the costs of recovering from a cyber-attack. If the recovery costs exceed the potential loss of sales the system should be removed. This will slightly reduce IT costs but increase the resilience against such kind of cyber-attacks.

It is high time to evaluate IT[-security solutions] from an entrepreneurial point of view, in terms of Loss of Sales and Loss of EBIT.

Have a great weekend.