Main Vulnerability Database Vulnerabilities #VU8320

Race condition in Windows and Windows Server - CVE-2017-0161

Published: September 12, 2017 / Updated: September 12, 2017

Vulnerability identifier: #VU8320

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-0161

CWE-ID: CWE-362

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Windows
Windows Server

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. A remote attacker can send specially crafted NetBT Session Service packets to the affected system and execute arbitrary code on the vulnerable system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2017-0161

Install updates from vendor's website.

Sources

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0161

Race condition in Windows and Windows Server - CVE-2017-0161

Detailed vulnerability description

How to mitigate CVE-2017-0161

Sources

Please verify you're human