NULL dereference when processing SMB traffic in Microsoft Windows

Published: 2017-02-03 10:31:06 | Updated: 2017-03-14 22:29:32
Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
CVSSv2: 8.3 (AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
CVSSv3: 9.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C]
CVE ID: CVE-2017-0016
CWE ID: CWE-476
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available.
Vulnerable software: Windows, Windows Server
Vulnerable software versions: Windows 8.1, Windows 10, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016
Vendor URL: Microsoft
Advisory type: Public

Security Advisory

2017-03-14: Severity of this vulnerability was decreased from critical to medium. Added information about security patch.

1) NULL pointer dereference

Description

The vulnerability allows a remote attacker to cause denial of service.

The vulnerability exists due to a NULL pointer dereference error when processing Server Message Block (SMB) network traffic. A remote attacker can send a specially crafted response that contains too many bytes after the structure defined in the SMB2 TREE_CONNECT Response and cause the affected system to crash.

Successful exploitation of the vulnerability may allow an attacker to perform a denial of service (DoS) attack.

Note: the exploit code for this vulnerability is publicly available.
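
The malformed response described above can be recognised by its length alone. The following detection check is an added example, not code from this advisory or from the vendor: it assumes the input is a single SMB2 message with the 4-byte transport length prefix already removed, takes field offsets and sizes from the MS-SMB2 specification, and uses hypothetical function names and constructed sample messages.

```python
import struct

SMB2_MAGIC = b"\xfeSMB"
SMB2_HEADER_LEN = 64                 # fixed SMB2 packet header
SMB2_TREE_CONNECT = 0x0003           # Command code
SMB2_FLAGS_SERVER_TO_REDIR = 0x1     # set on server responses
TREE_CONNECT_RSP_LEN = 16            # fixed TREE_CONNECT Response body
EXPECTED_END = SMB2_HEADER_LEN + TREE_CONNECT_RSP_LEN


def trailing_bytes_after_tree_connect(msg: bytes):
    """Bytes found after a successful TREE_CONNECT response body.

    Returns None when msg is not such a response or is too short to judge.
    """
    if len(msg) < EXPECTED_END or msg[:4] != SMB2_MAGIC:
        return None
    # StructureSize, CreditCharge, Status, Command, Credits, Flags, NextCommand
    hdr_size, _, status, command, _, flags, next_cmd = struct.unpack_from(
        "<HHIHHII", msg, 4)
    if hdr_size != SMB2_HEADER_LEN or command != SMB2_TREE_CONNECT:
        return None
    if not flags & SMB2_FLAGS_SERVER_TO_REDIR or status != 0:
        return None  # request, or an error response with a different body
    if struct.unpack_from("<H", msg, SMB2_HEADER_LEN)[0] != TREE_CONNECT_RSP_LEN:
        return None
    # In a compound chain this response ends where the next header starts.
    end = next_cmd if EXPECTED_END <= next_cmd <= len(msg) else len(msg)
    return end - EXPECTED_END


def constructed_response(extra: bytes = b"", command: int = SMB2_TREE_CONNECT) -> bytes:
    """Constructed sample message (not captured traffic)."""
    hdr = SMB2_MAGIC + struct.pack(
        "<HHIHHII", 64, 0, 0, command, 1, SMB2_FLAGS_SERVER_TO_REDIR, 0)
    hdr += bytes(SMB2_HEADER_LEN - len(hdr))   # MessageId..Signature zeroed
    body = struct.pack("<HBBIII", 16, 0x01, 0, 0, 0, 0x001F01FF)
    return hdr + body + extra


if __name__ == "__main__":
    for label, msg in [("well-formed", constructed_response()),
                       ("oversized", constructed_response(b"\x00" * 8))]:
        extra = trailing_bytes_after_tree_connect(msg)
        print(f"{label}: {'ALERT' if extra else 'ok'} ({extra} trailing bytes)")
```

Any non-zero result on inbound traffic from a server the client did not expect to contact is worth alerting on; encrypted or compressed SMB3 messages carry a different protocol ID and return None here.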

Remediation

Install the updates from the vendor's website.

External links

http://www.kb.cert.org/vuls/id/867968 
https://github.com/lgandx/PoC/tree/master/SMBv3%20Tree%20Connect
https://technet.microsoft.com/en-us/library/security/MS17-012
