#VU17947 Information disclosure in Windows and Windows Server - CVE-2019-0703
Published: March 12, 2019 / Updated: May 8, 2019
Vulnerability identifier: #VU17947
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Green
CVE-ID: CVE-2019-0703
CWE-ID: CWE-200
Exploitation vector: Adjecent network
Exploit availability:
The vulnerability is being exploited in the wild
Vulnerable software:
Windows
Windows Server
Windows
Windows Server
Software vendor:
Microsoft
Microsoft
Description
The vulnerability allows a remote authenticated attacker to gain access to potentially sensitive information.
The vulnerability exists due to the way that the Windows SMB Server handles certain requests. A remote authenticated user can gain unauthorized access to sensitive information on the system.
Note: this vulnerability has being exploited in the wild. The exploit code was detected in the Bemstour exploit tool in September 2018 and has being used by Buckeye (APT3) APT group.
Remediation
Install updates from vendor's website.