Multiple vulnerabilities in Microsoft Windows SMB Server

Published: 2017-03-14 22:38:35 | Updated: 2017-04-15
Severity Critical
Patch available YES
Number of vulnerabilities 6
CVE ID CVE-2017-0143
CVE-2017-0144
CVE-2017-0145
CVE-2017-0146
CVE-2017-0148
CVE-2017-0147
CVSSv3 9.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C]
9.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C]
9.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C]
9.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
9.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C]
5.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:H/RL:O/RC:C]
CWE ID CWE-20
CWE-200
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Public exploit code for vulnerability #3 is available.
Vulnerability #4 is being exploited in the wild.
Public exploit code for vulnerability #5 is available.
Vulnerability #6 is being exploited in the wild.
Vulnerable software Windows
Windows Server
Vulnerable software versions Windows Vista
Windows 7
Windows 10
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Vendor URL Microsoft

Security Advisory

Five out of six vulnerabilities were used in targeted attacks, according to the latest Shadow Brokers leak. The exploit codes in question, dubbed as EternalBlue, EternalChampion, EternalRomance and EternalSynergyare publicly available. Therefore we are rising the severity level for this advisory to critical.

1) Improper input validation

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an error when parsing requests in Microsoft Server Message Block 1.0 (SMBv1) server. A remote unauthenticated attacker can send specially crafted SMB packets and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install updates from vendor's website.

External links

https://technet.microsoft.com/en-us/library/security/MS17-010

2) Improper input validation

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an error when parsing requests in Microsoft Server Message Block 1.0 (SMBv1) server. A remote unauthenticated attacker can send specially crafted SMB packets and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install updates from vendor's website.

External links

https://technet.microsoft.com/en-us/library/security/MS17-010

3) Improper input validation

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an error when parsing requests in Microsoft Server Message Block 1.0 (SMBv1) server. A remote unauthenticated attacker can send specially crafted SMB packets and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install updates from vendor's website.

External links

https://technet.microsoft.com/en-us/library/security/MS17-010

4) Improper input validation

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an error when parsing requests in Microsoft Server Message Block 1.0 (SMBv1) server. A remote unauthenticated attacker can send specially crafted SMB packets and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: this vulnerability has been exploited in the wild and is publicly known as EternalChampion exploit.

Remediation

Install updates from vendor's website.

External links

https://technet.microsoft.com/en-us/library/security/MS17-010

5) Improper input validation

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an error when parsing requests in Microsoft Server Message Block 1.0 (SMBv1) server. A remote unauthenticated attacker can send specially crafted SMB packets and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install updates from vendor's website.

External links

https://technet.microsoft.com/en-us/library/security/MS17-010

6) Information disclosure

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an error when parsing requests in Microsoft Server Message Block 1.0 (SMBv1) server. A remote unauthenticated attacker can send specially crafted SMB packets and gain access to potentially sensitive data.

Successful exploitation of this vulnerability may allow an attacker to gain access to potentially sensitive information.

Note: this vulnerability has been exploited in the wild and is publicly known as EternalChampion exploit.

Remediation

Install updates from vendor's website.

External links

https://technet.microsoft.com/en-us/library/security/MS17-010

Back to List