Microsoft Windows SMBv1 Multiple Vulnerabilities

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host is affected by multiple vulnerabilities.

Description :

The remote Windows host has Microsoft Server Message Block 1.0 (SMBv1)
enabled. It is, therefore, affected by multiple vulnerabilities :

- Multiple information disclosure vulnerabilities exist
in Microsoft Server Message Block 1.0 (SMBv1) due to
improper handling of SMBv1 packets. An unauthenticated,
remote attacker can exploit these vulnerabilities, via a
specially crafted SMBv1 packet, to disclose sensitive
information. (CVE-2017-0267, CVE-2017-0268,
CVE-2017-0270, CVE-2017-0271, CVE-2017-0274,
CVE-2017-0275, CVE-2017-0276)

- Multiple denial of service vulnerabilities exist in
Microsoft Server Message Block 1.0 (SMBv1) due to
improper handling of requests. An unauthenticated,
remote attacker can exploit these vulnerabilities, via a
specially crafted SMB request, to cause the system to
stop responding. (CVE-2017-0269, CVE-2017-0273,
CVE-2017-0280)

- Multiple remote code execution vulnerabilities exist in
Microsoft Server Message Block 1.0 (SMBv1) due to
improper handling of SMBv1 packets. An unauthenticated,
remote attacker can exploit these vulnerabilities, via a
specially crafted SMBv1 packet, to execute arbitrary
code. (CVE-2017-0272, CVE-2017-0277, CVE-2017-0278,
CVE-2017-0279)

Depending on the host's security policy configuration, specifically
whether named pipes and shares are allowed to be accessed remotely and
anonymously, this plugin cannot always correctly determine if the
Windows host is vulnerable when the host is running a later Windows
version (i.e., Windows 8.1, 10, 2012, 2012 R2, and 2016). Tenable does
not recommend allowing such remote, anonymous access, and these hosts
should be checked locally for patches with one of the following
plugins, depending on the Windows version : 100054, 100055, 100057,
100059, 100060, or 100061.

See also :

http://www.nessus.org/u?c21268d4
http://www.nessus.org/u?b9253982
http://www.nessus.org/u?23802c83
http://www.nessus.org/u?8313bb60
http://www.nessus.org/u?7677c678
http://www.nessus.org/u?36da236c
http://www.nessus.org/u?0981b934
http://www.nessus.org/u?c88efefa
http://www.nessus.org/u?695bf5cc
http://www.nessus.org/u?459a1e8c
http://www.nessus.org/u?ea45bbc5
http://www.nessus.org/u?4195776a
http://www.nessus.org/u?fbf092cf
http://www.nessus.org/u?8c0cc566

Solution :

Apply the applicable security update for your Windows version :

- Windows Server 2008 : KB4018466
- Windows 7 : KB4019264
- Windows Server 2008 R2 : KB4019264
- Windows Server 2012 : KB4019216
- Windows 8.1 / RT 8.1 : KB4019215
- Windows Server 2012 R2 : KB4019215
- Windows 10 : KB4019474
- Windows 10 Version 1511 : KB4019473
- Windows 10 Version 1607 : KB4019472
- Windows 10 Version 1703 : KB4016871
- Windows Server 2016 : KB4019472
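
The local check recommended in the description can be approximated on the host itself. The following PowerShell is an added example, not Tenable's plugin code: the KB numbers are copied from the list above, while the function names, the OS-name keys and the use of PowerShell 3.0 or later in an elevated session are assumptions of this example.

```powershell
# Added example: report the SMBv1 server state and whether the KB listed
# on this page for the given Windows version is installed.
# Function names and the OS-name keys are assumptions of this example.

# OS name (as spelled in the Solution list) -> KB from the Solution list.
$KbByOs = @{
    'Windows Server 2008'     = 'KB4018466'
    'Windows 7'               = 'KB4019264'
    'Windows Server 2008 R2'  = 'KB4019264'
    'Windows Server 2012'     = 'KB4019216'
    'Windows 8.1 / RT 8.1'    = 'KB4019215'
    'Windows Server 2012 R2'  = 'KB4019215'
    'Windows 10'              = 'KB4019474'
    'Windows 10 Version 1511' = 'KB4019473'
    'Windows 10 Version 1607' = 'KB4019472'
    'Windows 10 Version 1703' = 'KB4016871'
    'Windows Server 2016'     = 'KB4019472'
}

function Get-Smb1ServerState {
    # Windows 8 / Server 2012 and later expose the setting via the SmbShare module.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Older systems: read the SMB1 registry value. When the value is absent,
    # the SMBv1 server is enabled (the Windows default on those versions).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return ($null -eq $val) -or ($val -ne 0)
}

function Test-Smb1Update {
    param([Parameter(Mandatory = $true)][string]$OsName)
    if (-not $KbByOs.ContainsKey($OsName)) {
        throw "No KB is listed on this page for '$OsName'."
    }
    $kb = $KbByOs[$OsName]
    # KbInstalled = $false is not proof of exposure: a later cumulative
    # update or monthly rollup supersedes this KB and is listed under its own ID.
    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        OsName      = $OsName
        Smb1Enabled = Get-Smb1ServerState
        ExpectedKb  = $kb
        KbInstalled = [bool](Get-HotFix -Id $kb -ErrorAction SilentlyContinue)
    }
}

Test-Smb1Update -OsName 'Windows Server 2012 R2'
```

A host that reports `Smb1Enabled = True` and `KbInstalled = False` should have its full update history reviewed before it is treated as unpatched.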

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false