|Number of vulnerabilities||1|
|CVE ID|| CVE-2017-0016
|CWE ID|| CWE-476
|Public exploit||Public exploit code for vulnerability #1 is available.|
|Vulnerable software versions||
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
2017-03-14: Severity of this vulnerability was decreased from critical to medium. Added information about security patch.
The vulnerability allows a remote attacker to cause denial of service.
The vulnerability exists due to a NULL pointer dereference error when processing Server Message Block (SMB) network traffic. A remote attacker can send specially crafted response, containing too many bytes following the structure defined in the SMB2 TREE_CONNECT Response structure and cause the affected system to crash.
Successful exploitation of the vulnerability may allow an attacker to perform a denial of service (DoS) attack.
Note: the exploit code for this vulnerability is publicly available.Remediation
Install updates from vendor's website.External links