Microsoft Windows Server Message Block SMBv3 Denial of Service Vulnerability

Last Update Date: 10 Feb 2017 Release Date: 3 Feb 2017 4264 Views

RISK: High Risk

High Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

Microsoft Windows contains a memory corruption bug in the handling of SMB traffic, which may allow a remote, unauthenticated attacker to cause a denial of service or potentially execute arbitrary code on a vulnerable system.

 

Note: Exploit code for this vulnerability is publicly available.

Note: No official solution is currently available.

Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • Microsoft Windows 8
  • Microsoft Windows 10
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2016

Solutions

  • No official solution is currently available.
  • Workaround:
    • Consider blocking outbound SMB connections (TCP ports 139 and 445 along with UDP ports 137 and 138) from the local network to the WAN.
    • Please make sure those ports are not used by other services before applying
    • This workaound cannot prevent LAN based attacks.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Linux Kernel IPv6 Out-of-bounds Memory Read Vulnerability

9 Feb 2017 4198 Views

Next

Google Android Multiple Vulnerabilities

10 Feb 2017 4308 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY