Описание
Windows SMB Client Remote Code Execution Vulnerability
Use after free in Windows SMBv3 Client allows an authorized attacker to execute code over a network.
FAQ
According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are low (PR:L). What does that mean for this vulnerability?
Exploitation of this vulnerability requires an authorized attacker on the domain to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Windows Server 2012 | ||
| Windows Server 2012 (Server Core installation) | ||
| Windows Server 2012 R2 | ||
| Windows Server 2012 R2 (Server Core installation) | ||
| Windows 10 for 32-bit Systems | ||
| Windows 10 for x64-based Systems | ||
| Windows Server 2016 | ||
| Windows 10 Version 1607 for 32-bit Systems | ||
| Windows 10 Version 1607 for x64-based Systems | ||
| Windows Server 2016 (Server Core installation) |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
4.8 Medium
CVSS3
Связанные уязвимости
Use after free in Windows SMBv3 Client allows an authorized attacker to execute code over a network.
4.8 Medium
CVSS3