Endpoint Vulnerability

Microsoft: Windows SMB Authenticated Remote Code Execution Vulnerability

Description

For Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 operating systems, a remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) Server handles certain requests when an authenticated attacker sends specially crafted packets to the SMBv1 server. The vulnerability does not impact other SMB Server versions. On later operating systems, an attacker who successfully exploited this vulnerability could cause the affected system to stop responding until it is manually restarted. To exploit the vulnerability, an attacker would first need to authenticate to the SMBv1 Server and have permission to open files on the target server before attempting the attack. The security update addresses the vulnerability by correcting how the Microsoft SMBv1 Server handles specially crafted requests.

Affected Products

Windows RT 8.1, Windows Vista x64 Edition Service Pack 2, Windows Server 2012, Windows 8, Windows 7, Windows 10, Windows Server 2008, Windows Vista Service Pack 2

References

CVE-2016-3345