Scribd Logo
Importer

Bienvenue sur Scribd !

  • Critical Malware Infection Risk On Systems With Unpatched SMB1 Protocol

    Transféré par

    Infidel 305
    16 vues2 pages
    smb

    Titre original

    Critical Malware Infection Risk on Systems With Unpatched SMB1 Protocol

    Copyright

    © © All Rights Reserved

    Formats disponibles

    DOCX, PDF, TXT ou lisez en ligne sur Scribd

    Avez-vous trouvé ce document utile ?

    Ce contenu est-il inapproprié ?

    Signaler ce document
    smb

    Droits d'auteur :

    © All Rights Reserved
    Téléchargez comme DOCX, PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    16 vues2 pages

    Critical Malware Infection Risk On Systems With Unpatched SMB1 Protocol

    Transféré par

    Infidel 305
    smb

    Droits d'auteur :

    © All Rights Reserved
    Téléchargez comme DOCX, PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    sur 2

    Critical Malware Infection Risk on Systems With Unpatched

    SMB1 Protocol

    Severity:
    Status:
    Issue:

    Created: 4/4/18
    Last Changed: 4/4/18
    Classification: Risk

    Tags: Unknown

    Collapse All
    Description
    Remote code execution vulnerabilities exist in the way that the Microsoft Server Message Block 1.0
    (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerabilities
    could gain the ability to execute code on the target machine.

    To exploit the vulnerability, in most situations, an unauthenticated attacker could send a specially
    crafted packet to a targeted SMBv1 server.

    Security update MS17-010 addresses the vulnerabilities by correcting how SMBv1 handles these
    specially crafted requests.

    Read More
    For more information refer to Microsoft Security Bulletin MS17-010 - Critical: Security Update for
    Microsoft Windows SMB Server (4013389), at https://technet.microsoft.com/en-us/library/security/ms17-
    010.aspx.

    For more information on why not to use SMB1, see Stop using SMB1,
    at https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/

    Suggested Actions
    Install the update for the OS as per Microsoft Security Bulletin MS17-010 - Critical: Security Update for
    Microsoft Windows SMB Server (4013389), at https://technet.microsoft.com/en-us/library/security/ms17-
    010.aspx

    If you cannot install the update we recommend disabling SMBv1 as workaround:

    For machines running Windows Server 2008 and later see How to enable and disable SMBv1, SMBv2,
    and SMBv3 in Windows and Windows Server, at https://support.microsoft.com/en-us/help/2696547/how-to-
    enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-
    server-2008-r2,-windows-8,-and-windows-server-2012.
    Alternative method for machines running Windows Server 2012 R2 and later:

    1. Open Server Manager and then click the Manage menu and select Remove Roles
    and Features.

    2. In the Features window, clear the SMB1.0/CIFS File Sharing Support check box,
    and then click OK to close the window.

    3. Restart the system.

    Impact of the workaround is that the SMBv1 protocol will be disabled on the target system.

    To undo the workaround. Retrace the workaround steps, and select the SMB1.0/CIFS File Sharing
    Support check box to restore the SMB1.0/CIFS File Sharing Support feature to an active state.

    Comments
    Affected Objects (4)
    Name Type Status

    EXH20.RIVERSIDE.CMGOV.NET Server Active

    EXH40.RIVERSIDE.CMGOV.NET Server Active

    EXMB1.RIVERSIDE.CMGOV.NET Server Active

    exmb2.RIVERSIDE.CMGOV.NET Server Active

    Vous aimerez peut-être aussi