Description
Windows SMB Client Remote Code Execution Vulnerability
Use after free in Windows SMBv3 Client allows an authorized attacker to execute code over a network.
FAQ
According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are low (PR:L). What does that mean for this vulnerability?
Exploitation of this vulnerability requires an authorized attacker on the domain to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
Updates
| Product | Article | Update |
|---|---|---|
| Windows Server 2012 | | |
| Windows Server 2012 (Server Core installation) | | |
| Windows Server 2012 R2 | | |
| Windows Server 2012 R2 (Server Core installation) | | |
| Windows 10 for 32-bit Systems | | |
| Windows 10 for x64-based Systems | | |
| Windows Server 2016 | | |
| Windows 10 Version 1607 for 32-bit Systems | | |
| Windows 10 Version 1607 for x64-based Systems | | |
| Windows Server 2016 (Server Core installation) | | |
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
EPSS
4.8 Medium
CVSS3
Related vulnerabilities
Use after free in Windows SMBv3 Client allows an authorized attacker to execute code over a network.
Vulnerability in the SMB client of Windows operating systems that allows an attacker to execute arbitrary code