Multiple vulnerabilities in Microsoft Windows SMB

Published: 2019-03-12 23:50:15 | Updated: 2019-05-08
Severity: Medium
Patch available: YES
Number of vulnerabilities: 3
CVE ID: CVE-2019-0703, CVE-2019-0821, CVE-2019-0704
CVSSv3:
3.4 [CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C]
3.1 [CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
3.1 [CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CWE ID: CWE-200
Exploitation vector: Local network
Public exploit: Vulnerability #1 is being exploited in the wild.
Vulnerable software: Windows, Windows Server
Vulnerable software versions: Windows 8.1, Windows 7, Windows 10, Windows Server 2012, Windows Server 2012 R2, Windows Server 2008
Vendor URL: Microsoft

Security Advisory

UPDATED: 08.05.2019
Vulnerability #1 was updated to reflect the latest information from Symantec. The severity of this bulletin was increased to Medium.

1) Information disclosure

Description

The vulnerability allows a remote authenticated attacker to gain access to potentially sensitive information.

The vulnerability exists due to the way that the Windows SMB Server handles certain requests. A remote authenticated user can gain unauthorized access to sensitive information on the system.

Note: this vulnerability has been exploited in the wild. The exploit code was detected in the Bemstour exploit tool in September 2018 and has been used by the Buckeye (APT3) APT group.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0703
https://www.symantec.com/blogs/threat-intelligence/buckeye-windows-zero-day-exploit

2) Information disclosure

Description

The vulnerability allows a remote authenticated attacker to gain access to potentially sensitive information.

The vulnerability exists due to the way that the Windows SMB Server handles certain requests. A remote authenticated user can gain unauthorized access to sensitive information on the system.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0821

3) Information disclosure

Description

The vulnerability allows a remote authenticated attacker to gain access to potentially sensitive information.

The vulnerability exists due to the way that the Windows SMB Server handles certain requests. A remote authenticated user can gain unauthorized access to sensitive information on the system.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0704
