A remote attacker can execute arbitrary commands with **SYSTEM** privileges by overwriting the token to a null value and forcing **PsImpersonateClient** to run, causing the running thread to use the primary token.

Resolution

Apply the fix referenced in MS17-010.

References

<https://technet.microsoft.com/en-us/library/security/ms17-010.aspx>

Limitations

Exploit works on Windows Server 2008 R2. The target system must allow anonymous access to the SAMR, NETLOGON, or LSARPC named pipe in order for this exploit to succeed.

Due to the nature of the vulnerability, the success of this exploit may vary depending on the state of the target system.

Platforms

Windows

avleonov 4

threatpost 4

packetstorm 6

cisa_kev 1

mscve 1

thn 6

zdt 7

trellix 2

malwarebytes 1

symantec 1

checkpoint_advisories 1

trendmicroblog 3

saint 2

kitploit 1

mmpc 4

fireeye 2

ics 2

rapid7blog 3

securelist 2

qualysblog 6

ibm 1

attackerkb 4

prion 5

cve 5

huawei 1

seebug 1

mskb 11

rapid7community 8

openvas 2

kaspersky 3

f5 1

nessus 2

mssecure 2

cisa 1

avleonov

Downloading entire Vulners.com database in 5 minutes

2017-08-09 17:49:03

Petya the Great and why *they* don’t patch vulnerabilities

2017-06-29 21:29:50

Is Vulnerability Management more about Vulnerabilities or Management?

2020-02-11 13:46:54

threatpost

EternalBlue Exploit Used in Retefe Banking Trojan Campaign

2017-09-22 14:02:28

PyRoMine Uses NSA Exploit for Monero Mining and Backdoors

2018-04-26 18:21:13

InvisiMole Group Resurfaces Touting Fresh Toolset, Gamaredon Partnership

2020-06-18 09:30:00

packetstorm

Microsoft Windows 7/2008 R2 x64 EternalBlue Remote Code Execution

2017-05-20 00:00:00

Microsoft Windows 8/2012 R2 x64 EternalBlue Remote Code Execution

2017-05-20 00:00:00

MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption

2017-05-17 00:00:00

cisa_kev

Microsoft SMBv1 Remote Code Execution Vulnerability

2022-02-10 00:00:00

mscve

Windows SMB Remote Code Execution Vulnerability

2017-03-14 07:00:00

thn

Vulnerability Scanning Frequency Best Practices

2021-12-06 12:22:00

InvisiMole Hackers Target High-Profile Military and Diplomatic Entities

2020-06-18 09:30:00

Cryptocurrency Mining Malware Infected Over Half-Million PCs Using NSA Exploit

2018-01-31 23:05:00

zdt

Microsoft Windows 7 / 2008 R2 (x64) - EternalBlue SMB Remote Code Execution (MS17-010) Exploit

2017-05-19 00:00:00

Microsoft Windows 8 / 2012 R2 (x64) - EternalBlue SMB Remote Code Execution (MS17-010) Exploit

2017-05-19 00:00:00

Microsoft Windows - Uncredentialed SMB RCE (MS17-010) Exploit

2017-04-17 00:00:00

trellix

How Groove Gang is Shaking up the RAAS to Empower Affiliates

2021-09-08 00:00:00

How Groove Gang is Shaking up the RAAS to Empower Affiliates

2021-09-08 00:00:00

malwarebytes

Threat spotlight: the curious case of Ryuk ransomware

2019-12-12 22:33:53

symantec

Microsoft Windows SMB Server CVE-2017-0144 Remote Code Execution Vulnerability

2017-03-14 00:00:00

checkpoint_advisories

Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0144)

2017-03-14 00:00:00

trendmicroblog

WannaCry & The Reality Of Patching

2017-05-15 00:46:55

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 26, 2017

2017-06-30 12:00:57

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 15, 2017

2017-05-19 12:00:15

saint

Windows SMB PsImpersonateClient null token vulnerability

2017-07-13 00:00:00

Windows SMB PsImpersonateClient null token vulnerability

2017-07-13 00:00:00

kitploit

Eternal - An internet scanner for Eternal Blue [exploit CVE-2017-0144]

2017-07-22 20:30:00

mmpc

Ransomware 1H 2017 review: Global outbreaks reinforce the value of security hygiene

2017-09-06 14:58:36

New ransomware, old techniques: Petya adds worm capabilities

2017-06-28 06:57:43

When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks

2021-07-29 19:00:59

fireeye

CVE-2017-10271 Used to Deliver CryptoMiners: An Overview of Techniques Used Post-Exploitation and Pre-Mining

2018-02-15 16:30:00

CVE-2017-10271 Used to Deliver CryptoMiners: An Overview of Techniques Used Post-Exploitation and Pre-Mining

2018-02-15 11:30:00

ics

Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment

2023-12-15 12:00:00

Philips Intellispace Portal ISP Vulnerabilities

2018-02-27 12:00:00

rapid7blog

Metasploit Wrap-Up

2021-03-05 17:20:43

Open-Source Security: Getting to the Root of the Problem

2022-01-19 18:02:43

Conti Ransomware Group Internal Chats Leaked Over Russia-Ukraine Conflict

2022-03-01 19:15:58

securelist

A mining multitool

2018-07-26 10:00:25

APT trends report Q2 2019

2019-08-01 10:00:05

qualysblog

Conti Ransomware

2021-11-18 17:17:56

Emotet Re-emerges with Help from TrickBot

2022-01-06 14:05:53

The Rise of Ransomware

2021-10-05 12:50:00

ibm

Security Bulletin: Multiple vulnerabilities in Cloud Pak System

2019-10-24 21:43:28

attackerkb

CVE-2017-0148

2017-03-17 00:00:00

CVE-2017-0144 (MS17-010)

2017-03-17 00:00:00

CVE-2017-0143

2017-03-17 00:00:00

prion

Remote code execution

2017-03-17 00:59:00

Remote code execution

2017-03-17 00:59:00

Remote code execution

2017-03-17 00:59:00

cve

CVE-2017-0143

2017-03-17 00:59:00

CVE-2017-0146

2017-03-17 00:59:00

CVE-2017-0144

2017-03-17 00:59:00

huawei

Security Advisory - 'WannaCry ransomware' Vulnerabilities in Microsoft Windows Systems

2017-05-13 00:00:00

seebug

ETERNALBLUE - Remote RCE via SMB & NBT (Windows XP to Windows 2012)

2017-04-15 00:00:00

mskb

MS17-010: Description of the security update for Windows SMB Server: March 14, 2017

2017-03-14 07:00:00

MS17-010: Security update for Windows SMB Server: March 14, 2017

2017-03-14 00:00:00

March 2017 Security Only Quality Update for Windows Server 2012

2017-03-14 07:00:00

rapid7community

Vulnerability Management Tips for the Shadow Brokers Leaked Exploits

2017-05-24 23:14:26

Scanning and Remediating WannaCry/MS17-010 in InsightVM and Nexpose

2017-05-15 18:25:42

Petya-like ransomworm: Leveraging InsightVM and Nexpose for visibility into MS17-010

2017-08-03 16:56:04

openvas

Microsoft Windows SMB Server Multiple Vulnerabilities-Remote (4013389)

2017-03-22 00:00:00

Microsoft Windows SMB Server Multiple Vulnerabilities (4013389)

2017-03-15 00:00:00

kaspersky

KLA10977 Multiple vulnerabilities in Microsoft Server Message Block (SMB)

2017-03-14 00:00:00

KLA11902 Multiple vulnerabilities in Microsoft Products (ESU)

2017-03-14 00:00:00

KLA10979 Multiple vulnerabilities in Microsoft Windows

2017-03-14 00:00:00

K57181937 : Multiple Microsoft SMB (Wannacry/Wannacrypt/Petya/Goldeneye) vulnerabilities

2017-05-16 00:00:00

nessus

MS17-010: Security Update for Microsoft Windows SMB Server (4013389) (ETERNALBLUE) (ETERNALCHAMPION) (ETERNALROMANCE) (ETERNALSYNERGY) (WannaCry) (EternalRocks) (Petya)

2017-03-15 00:00:00

MS17-010: Security Update for Microsoft Windows SMB Server (4013389) (ETERNALBLUE) (ETERNALCHAMPION) (ETERNALROMANCE) (ETERNALSYNERGY) (WannaCry) (EternalRocks) (Petya) (uncredentialed check)

2017-03-20 00:00:00

mssecure

When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks

2021-07-29 19:00:59

When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure

2021-07-22 16:00:57

cisa

CISA Adds 15 Known Exploited Vulnerabilities to Catalog

2022-02-10 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON

Related for SAINT:64F70C2A6C3961CA44A77286E5B810CD