Távoli kódfuttatást lehetővé tevő sebezhetőség az SMBv3-ban

2020-03-11 19:24, hup.hu - Informatika

Távoli kódfuttatást lehetővé tevő sebezhetőség az SMBv3-ban Bug trey 2020. 03. 11., sze - 19:24 Windows Has A New Wormable Vulnerability, And There's No Patch In Sight https://t.co/13YZ14C5ER #news — packet storm (@packet_storm) March 11, 2020 Microsoft is aware of a remote code execution vulnerability in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target SMB Server or SMB Client. To exploit the vulnerability against an SMB Server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 Server. To exploit the vulnerability against an SMB Client, an unauthenticated attacker would need to configure a malicious SMBv3 Server and convince a user to connect to it. We will update this advisory when updates are available. If you wish to be notified when this advisory is updated, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.

Tovább »