Proof of concept code to exploit the vulnerability is now freely available online and has been integrated into common exploit frameworks and tools.
CVE-2020-1472 also affects several other products not previously covered by the advisory including, but not limited to:
- Samba implementations on Linux systems prior to v4.8. This includes all Linux distributions that utilise the official Samba packages.
In most cases, CVE-2020-1472 is a privilege escalation vulnerability. However, adversaries may be able exploit the vulnerability for initial access if a Domain Controller is internet-exposed.