Windows SMB Information Disclosure Vulnerability

2017-03-14T07:00:00
ID MS:CVE-2017-0147
Type mscve
Reporter Microsoft
Modified 2017-03-14T07:00:00

Description

An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server.

To exploit the vulnerability, in most situations, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv1 server.

The security update addresses the vulnerability by correcting how SMBv1 handles these specially crafted requests.