Red Security
News Unpatched Wormable Windows SMBv3 RCE Zero-day Flaw Leaked in Microsoft Security Updat - Printable Version

+- Red Security (https://redsecurity.info/cc)
+-- Forum: General (https://redsecurity.info/cc/Forum-General)
+--- Forum: News (https://redsecurity.info/cc/Forum-News)
+--- Thread: News Unpatched Wormable Windows SMBv3 RCE Zero-day Flaw Leaked in Microsoft Security Updat (/Thread-News-Unpatched-Wormable-Windows-SMBv3-RCE-Zero-day-Flaw-Leaked-in-Microsoft-Security-Updat)



Unpatched Wormable Windows SMBv3 RCE Zero-day Flaw Leaked in Microsoft Security Updat - Mr.Kurd - 03-12-2020

In The Name OF Allah
Al-Salam Alekum

[Image: unpatched-wormable-windows-smbv3-rce-fla...uesday.png]

Another remote attack exposed and this way every W10 user have to do a urgent update again..

Quote:The vulnerability resides exists in the SMBv3 protocol that handles the certain request, an attacker could exploit this vulnerability by sending a specially crafted packet to a vulnerable SMBv3 Server.


No technical details have been disclosed, security firms Fortinet, Tenable provides short summaries about the vulnerability.

The vulnerability occurs in the way the software handles the malicious request crafted through a compressed data packet. An unauthenticated attacker could exploit the vulnerability within the context of the application and gains control over the system.

“To exploit the vulnerability against an SMB Server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 server. To exploit the vulnerability against an SMB Client, an unauthenticated attacker would need to configure a malicious SMBv3 Server and convince a user to connect to it,” reads Microsoft statement.


The Source
Wa Salam Alekum