CVE-2017-11781

HIGH

Description

The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows a denial of service vulnerability when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability".

References

http://www.securityfocus.com/bid/101140

http://www.securitytracker.com/id/1039528

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11781

Details

Source: MITRE

Published: 2017-10-13

Updated: 2017-10-20

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 7.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

View all (9 total)

IDNameProductFamilySeverity
104384KB4042895: Windows 10 October 2017 Cumulative Update (KRACK)NessusWindows : Microsoft Bulletins
critical
103876Microsoft Windows SMB Server (2017-10) Multiple Vulnerabilities (uncredentialed check)NessusWindows
medium
103816Windows 2008 October 2017 Multiple Security Updates (KRACK)NessusWindows : Microsoft Bulletins
critical
103750Windows 8.1 and Windows Server 2012 R2 October 2017 Security Updates (KRACK)NessusWindows : Microsoft Bulletins
critical
103749KB4041691: Windows 10 Version 1607 and Windows Server 2016 October 2017 Cumulative Update (KRACK)NessusWindows : Microsoft Bulletins
critical
103748Windows Server 2012 October 2017 Security Updates (KRACK)NessusWindows : Microsoft Bulletins
critical
103747KB4041689: Windows 10 Version 1511 October 2017 Cumulative Update (KRACK)NessusWindows : Microsoft Bulletins
critical
103746Windows 7 and Windows Server 2008 R2 October 2017 Security Updates (KRACK)NessusWindows : Microsoft Bulletins
critical
103745KB4041676: Windows 10 Version 1703 October 2017 Cumulative Update (KRACK)NessusWindows : Microsoft Bulletins
critical