Denial of service when processing SMB requests in Microsoft Windows

Published: 2018-09-13 18:52:27
Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
CVE ID: CVE-2018-8335
CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CWE ID: CWE-20
Exploitation vector: Network
Public exploit: Not available
Vulnerable software: Windows, Windows Server
Vulnerable software versions: Windows 8.1, Windows 10, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016
Vendor URL: Microsoft

Security Advisory

1) Input validation error

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when processing SMB requests. A remote unauthenticated attacker can send a specially crafted SMB request to the affected system and cause it to stop accepting further SMB requests, triggering a denial of service condition.

Remediation

Install updates from the vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8335
