Main Vulnerability Database Vulnerabilities #VU6477

Information disclosure in Windows and Windows Server - CVE-2017-0268

Published: May 9, 2017

Vulnerability identifier: #VU6477

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-0268

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Windows
Windows Server

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server.

How to mitigate CVE-2017-0268

Install update from vendor's website.

Sources

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0268

Information disclosure in Windows and Windows Server - CVE-2017-0268

Detailed vulnerability description

How to mitigate CVE-2017-0268

Sources

Please verify you're human