Microsoft CVE-2017-0144: Windows SMB Remote Code Execution Vulnerability

Back to Search

Microsoft CVE-2017-0144: Windows SMB Remote Code Execution Vulnerability

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

03/14/2017

Created

07/25/2018

Added

03/14/2017

Modified

10/30/2017

Description

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.To exploit the vulnerability, in most situations, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv1 server.The security update addresses the vulnerability by correcting how SMBv1 handles these specially crafted requests.

This vulnerability is exploited through EternalBlue and used in the WannaCry/WannaCrypt/WNCRY and NotPetya ransomware.

Solution(s)

msft-kb4012212-13c36c25-fee4-429f-933e-f93ebfbb91f5
msft-kb4012212-36e1591a-f6d3-44d2-aa25-540234b7eb36
msft-kb4012212-4ee6f09d-38d9-47ef-8ba9-dd802352b8ee
msft-kb4012212-652eea96-c2e8-4548-8f9a-40964e5e6a74
msft-kb4012212-c682d11d-fc2e-4852-9da7-c2198958bf6c
msft-kb4012212-fb31138f-b6a5-499c-9eb6-5b5f9fff6bfd
msft-kb4012213-317ca43c-7dfe-4e04-8a21-2c6c4ab4fbb9
msft-kb4012213-5d351df3-6efb-4b17-93e0-b0e3a5babbc3
msft-kb4012213-80bc2b42-a953-4096-8595-130e9a9c9fb9
msft-kb4012214-1949e6d5-95b0-4e90-acfb-73c9d295fbbf
msft-kb4012214-57dbd57f-89b2-4abb-8582-14fc17870bb8
msft-kb4012214-b4d71d8b-1f2d-4958-ad08-e379293d71e8
msft-kb4012598-22699699-94c3-4677-99e5-38cb4fb66401
msft-kb4012598-324162d3-2d68-4a64-93fc-948caad3b45c
msft-kb4012598-43db2dfd-c320-436a-94bf-5f094498fe68
msft-kb4012598-4d0386a5-2707-4e40-9d57-92e1f523c465
msft-kb4012598-5680ca8f-be92-4d13-8e4e-587aa462e838
msft-kb4012598-69eadaea-9a25-4cb4-8c6f-5f4603311eda
msft-kb4012598-6e52528b-7754-49ba-b39e-2a2a2b7c8c3a
msft-kb4012598-86ac3cc3-e972-41a8-ac78-45bc5a950faa
msft-kb4012598-9e189800-f354-4dc8-8170-7bd0ad7ca09a
msft-kb4012598-a679cafc-d8da-4c2a-9709-17a6e6a93f4f
msft-kb4012598-d4d15d30-e775-4f6f-b838-d3caca05a5e9
msft-kb4012598-ec4f955a-2fe7-45e6-bde1-1de91cbe874f
msft-kb4012598-fdb0df5f-8994-4e43-a37b-82544a1eff68
msft-kb4012606-384d5679-3c34-433f-8564-66fc5136a5e9
msft-kb4012606-6a38fe85-98ba-4ce2-b4eb-aed947d5c203
msft-kb4013198-477b54b9-913d-4c4e-8da8-01e0b4cf15ce
msft-kb4013198-6d9f75f7-d998-4188-a935-7603f4e51a4d
msft-kb4013429-724ee219-b949-4d44-9e02-e464c6062ae4
msft-kb4013429-74b1fe65-bd6b-4b76-a624-8674748898f2
msft-kb4013429-e29d1b22-493d-44dd-8857-7c6c7cb6d84c

Related Vulnerabilities

CVE - 2017-0144
4012212
4012213
4012214
4012598
4012606
4013198
4013429
MS17-010
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks
https://blogs.technet.microsoft.com/mmpc/2017/05/12/wannacrypt-ransomware-worm-targets-out-of-date-systems
https://blog.rapid7.com/2017/05/12/wanna-decryptor-wncry-ransomware-explained
https://blog.rapid7.com/2017/06/27/petya-ransomware-explained/

References

msft-kb4012212-13c36c25-fee4-429f-933e-f93ebfbb91f5
msft-kb4012212-36e1591a-f6d3-44d2-aa25-540234b7eb36
msft-kb4012212-4ee6f09d-38d9-47ef-8ba9-dd802352b8ee
msft-kb4012212-652eea96-c2e8-4548-8f9a-40964e5e6a74
msft-kb4012212-c682d11d-fc2e-4852-9da7-c2198958bf6c
msft-kb4012212-fb31138f-b6a5-499c-9eb6-5b5f9fff6bfd
msft-kb4012213-317ca43c-7dfe-4e04-8a21-2c6c4ab4fbb9
msft-kb4012213-5d351df3-6efb-4b17-93e0-b0e3a5babbc3
msft-kb4012213-80bc2b42-a953-4096-8595-130e9a9c9fb9
msft-kb4012214-1949e6d5-95b0-4e90-acfb-73c9d295fbbf
msft-kb4012214-57dbd57f-89b2-4abb-8582-14fc17870bb8
msft-kb4012214-b4d71d8b-1f2d-4958-ad08-e379293d71e8
msft-kb4012598-22699699-94c3-4677-99e5-38cb4fb66401
msft-kb4012598-324162d3-2d68-4a64-93fc-948caad3b45c
msft-kb4012598-43db2dfd-c320-436a-94bf-5f094498fe68
msft-kb4012598-4d0386a5-2707-4e40-9d57-92e1f523c465
msft-kb4012598-5680ca8f-be92-4d13-8e4e-587aa462e838
msft-kb4012598-69eadaea-9a25-4cb4-8c6f-5f4603311eda
msft-kb4012598-6e52528b-7754-49ba-b39e-2a2a2b7c8c3a
msft-kb4012598-86ac3cc3-e972-41a8-ac78-45bc5a950faa
msft-kb4012598-9e189800-f354-4dc8-8170-7bd0ad7ca09a
msft-kb4012598-a679cafc-d8da-4c2a-9709-17a6e6a93f4f
msft-kb4012598-d4d15d30-e775-4f6f-b838-d3caca05a5e9
msft-kb4012598-ec4f955a-2fe7-45e6-bde1-1de91cbe874f
msft-kb4012598-fdb0df5f-8994-4e43-a37b-82544a1eff68
msft-kb4012606-384d5679-3c34-433f-8564-66fc5136a5e9
msft-kb4012606-6a38fe85-98ba-4ce2-b4eb-aed947d5c203
msft-kb4013198-477b54b9-913d-4c4e-8da8-01e0b4cf15ce
msft-kb4013198-6d9f75f7-d998-4188-a935-7603f4e51a4d
msft-kb4013429-724ee219-b949-4d44-9e02-e464c6062ae4
msft-kb4013429-74b1fe65-bd6b-4b76-a624-8674748898f2
msft-kb4013429-e29d1b22-493d-44dd-8857-7c6c7cb6d84c

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2017-0144: Windows SMB Remote Code Execution Vulnerability