Information disclosure in Windows and Windows Server - CVE-2019-0703
Published: March 12, 2019 / Updated: May 8, 2019
Vulnerability identifier: #VU17947
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Green
CVE-ID: CVE-2019-0703
CWE-ID: CWE-200
Exploitation vector: Adjecent network
Exploit availability:
The vulnerability is being exploited in the wild
Vendor: Microsoft
Affected software:
Windows
Windows Server
Windows
Windows Server
Detailed vulnerability description
The vulnerability allows a remote authenticated attacker to gain access to potentially sensitive information.
The vulnerability exists due to the way that the Windows SMB Server handles certain requests. A remote authenticated user can gain unauthorized access to sensitive information on the system.
Note: this vulnerability has being exploited in the wild. The exploit code was detected in the Bemstour exploit tool in September 2018 and has being used by Buckeye (APT3) APT group.
How to mitigate CVE-2019-0703
Install updates from vendor's website.