Fortinet Discovers Microsoft Windows Server iSNS Server Service Memory Corruption Vulnerability
Fortinet's FortiGuard Labs has discovered a memory corruption vulnerability in iSNS Server service running on Microsoft Windows Server.
The Internet Storage Name Service (iSNS) protocol is used for interaction between iSNS servers and iSNS clients. iSNS clients are computers that are attempting to discover storage devices on an Ethernet network. iSNS servers provide intelligent storage discovery and management services, allowing a commodity IP network to function in a similar capacity as a storage area network. iSNS facilitates a seamless integration of IP networks and manages iSCSI devices. iSNS thereby provides value in any storage network comprised of iSCSI devices.
The memory corruption vulnerability exists due to insufficient validation of inputs in the iSNS Server service. An attacker may be able to exploit this to execute arbitrary code within the context of the SYSTEM account, via a crafted network packet.
SolutionsFortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Mar 15, 2017
Users should apply the solution provided by Microsoft.
Following products are affected by the vulnerability.
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016 for x64-based Systems
This vulnerability was discovered by Honggang Ren of Fortinet's FortiGuard Labs.