Vulnerability Protection

Vulnerabilities in Windows SMB Server Could Allow Remote Code Execution

Details

Report ID:

MS20170305

Date Published:

15 March 2017

Date Revised:

Criticality:

Critical

Compromise Type:

Remote code execution, information disclosure

Compromise From:

Remote

Affected Product/Component:

Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows 8.1
Windows Server 2012 and Windows Server 2012 R2
Windows RT 8.1
Windows 10
Windows Server 2016

Summary

Microsoft Windows Server Message Block (SMB) server was affected by multiple vulnerabilities that could be exploited into allowing remote code execution and information disclosure. 

Detailed Description

A total of six vulnerabilities were discovered in the Microsoft Windows Server Message Block (SMB) server, caused by the way that certain requests are handled. Five of them could lead to remote code execution and one could lead to information disclosure. These issues have been resolved in the latest security patch through corrective modifications and fixes. 

CVE Reference

CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0147, CVE-2017-0148

Solution

Install the latest security patch for applicable system, available for download from https://technet.microsoft.com/en-us/library/security/ms17-010

Source

Microsoft Security Bulletin MS17-010