Lucene search

K
saintSAINT CorporationSAINT:DAEC4BA69103823E03C8F3C832C5B41D
HistoryApr 26, 2017 - 12:00 a.m.

Windows SMBv1 Remote Command Execution

2017-04-2600:00:00
SAINT Corporation
download.saintcorporation.com
698

EPSS

0.973

Percentile

99.9%

Added: 04/26/2017
CVE: CVE-2017-0143
BID: 96703

Background

Server Message Block (SMB) is the protocol used by Microsoft Windows computers to communicate over a network. SMBv1 was the first version of this protocol and is still supported by modern Windows versions.

Problem

A vulnerability in the handling of certain SMBv1 requests could allow a remote attacker to execute arbitrary commands.

Resolution

Apply the patch referenced in MS17-010, or disable SMBv1.

References

<https://technet.microsoft.com/en-us/library/security/ms17-010.aspx&gt;

Limitations

Exploit works on Windows 7 and Windows Server 2008 R2.

If the exploit succeeds against a 32-bit target, the target reboots when the command connection is closed.

Platforms

Windows 7
Windows Server 2008 R2