Overview
Microsoft Windows contains a memory corruption bug in the handling of SMB traffic, which may allow a remote, unauthenticated attacker to cause a denial of service on a vulnerable system.
Description
Microsoft Windows fails to properly handle traffic from a malicious server. In particular, Windows fails to properly handle a specially-crafted server response that contains too many bytes following the structure defined in the SMB2 TREE_CONNECT Response structure. By connecting to a malicious SMB server, a vulnerable Windows client system may crash (BSOD) in mrxsmb20.sys. We have confirmed the crash with fully-patched Windows 10 and Windows 8.1 client systems, as well as the server equivalents of these platforms, Windows Server 2016 and Windows Server 2012 R2. Note that there are a number of techniques that can be used to trigger a Windows system to connect to an SMB share. Some may require little to no user interaction. |
Impact
By causing a Windows system to connect to a malicious SMB share, a remote attacker may be able to cause a denial of service by crashing Windows. |
Solution
The CERT/CC is currently unaware of a practical solution to this problem. Please consider the following workarounds: |
Block outbound SMB |
Vendor Information (Learn More)
Vendor | Status | Date Notified | Date Updated |
---|---|---|---|
Microsoft Corporation | Affected | 01 Feb 2017 | 02 Feb 2017 |
CVSS Metrics (Learn More)
Group | Score | Vector |
---|---|---|
Base | 7.8 | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Temporal | 7.0 | E:POC/RL:U/RC:C |
Environmental | 7.0 | CDP:ND/TD:H/CR:ND/IR:ND/AR:ND |
References
- https://github.com/lgandx/PoC/tree/master/SMBv3%20Tree%20Connect
- https://msdn.microsoft.com/en-us/library/cc246499.aspx
- https://www.us-cert.gov/ncas/current-activity/2017/01/16/SMB-Security-Best-Practices
'취약점 정보2' 카테고리의 다른 글
한컴오피스 2월 정기 보안 업데이트 권고 (0) | 2017.02.07 |
---|---|
ipTIME 유선/백업 공유기 6종 펌웨어 9.98.8 배포 (0) | 2017.02.06 |
2017-02-03 주간 취약점 이슈 (0) | 2017.02.03 |
한컴오피스 2월업데이트 (0) | 2017.02.02 |
WordPress 보안 업데이트 권고 (0) | 2017.02.02 |