Windows Server Message Block Multiple Flaws Let Remote Authenticated Users Execute Arbitrary Code and Obtain Potentially Sensitive Information, Remote Users Deny Service, and Local Users Gain Elevated Privileges
|
SecurityTracker Alert ID: 1039528 |
SecurityTracker URL: http://securitytracker.com/id/1039528
|
CVE Reference:
CVE-2017-11780, CVE-2017-11781, CVE-2017-11782, CVE-2017-11815
(Links to External Site)
|
Date: Oct 10 2017
|
Impact:
Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via local system, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 7 SP1, 2008 R2 SP1, 2008 SP2, 2012, 8.1, 2012 R2, RT 8.1, 10, 10 Version 1511, 2016, 10 Version 1607, 10 Version 1703
|
Description:
Several vulnerabilities were reported in Windows Server Message Block. A remote user can cause denial of service conditions on the target system. A remote authenticated user can obtain potentially sensitive information on the target system. A remote authenticated user can execute arbitrary code on the target system. A local user can gain elevated privileges.
A remote authenticated user can send specially crafted data to the target Microsoft Server Message Block 1.0 (SMBv1) server to execute arbitrary code on the target system [CVE-2017-11780].
A remote user can send specially crafted SMB requests to cause the target system to crash [CVE-2017-11781].
A remote authenticated user can send a specially crafted packet to obtain potentially sensitive information on the target system [CVE-2017-11815].
A local anonymous user that can gain access to certain named pipes on a remote system that permit anonymous access can gain elevated privileges on the target system [CVE-2017-11782].
pesante (via Trend Micro's Zero Day Initiative) and Nicolas Joly of MSRC Vulnerabilities & Mitigations reported these vulnerabilities.
|
Impact:
A remote user can cause denial of service conditions.
A remote authenticated user can execute arbitrary code on the target system.
A remote authenticated user can obtain potentially sensitive information on the target system.
A local user can gain elevated privileges.
|
Solution:
The vendor has issued a fix.
The Microsoft advisories are available at:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11780
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11781
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11782
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11815
|
Vendor URL: portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11780 (Links to External Site)
|
Cause:
Access control error, State error
|
|
Message History:
None.
|
Source Message Contents
|
|
[Original Message Not Available for Viewing]
|
|