Vulnerability identifier: #VU13280
Vulnerability risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Windows
Operating systems & Components /
Operating system
Windows Server
Operating systems & Components /
Operating system
Vendor: Microsoft
Description
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to an error when Windows NT WEBDAV Minirdr attempts to query a WEBDAV directory. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger the system to send an SMB request and cause the affected system to crash.
Successful exploitation of the vulnerability may allow an attacker to perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Windows: 10
Windows Server: 2016
External links
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8175
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.