#VU17947 Information disclosure in Windows and Windows Server


Published: 2019-03-12 | Updated: 2019-05-08

Vulnerability identifier: #VU17947

Vulnerability risk: Medium

CVSSv3.1: 3.4 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C]

CVE-ID: CVE-2019-0703

CWE-ID: CWE-200

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Windows
Operating systems & Components / Operating system
Windows Server
Operating systems & Components / Operating system

Vendor: Microsoft

Description

The vulnerability allows a remote authenticated attacker to gain access to potentially sensitive information.

The vulnerability exists due to the way that the Windows SMB Server handles certain requests. A remote authenticated user can gain unauthorized access to sensitive information on the system.

Note: this vulnerability has been exploited in the wild. The exploit code was detected in the Bemstour exploit tool in September 2018 and has been used by the Buckeye (APT3) APT group.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Windows: 8.1 - 8.1 RT, 7, 10 - 10 1809

Windows Server: 2008 - 2019 1803


External links
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0703
http://www.symantec.com/blogs/threat-intelligence/buckeye-windows-zero-day-exploit


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

