Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by the following vulnerabilities :
- Multiple remote code execution vulnerabilities exist in Microsoft Server Message Block 1.0 (SMBv1) due to improper handling of certain requests. An unauthenticated, remote attacker can exploit these vulnerabilities, via a specially crafted packet, to execute arbitrary code. (CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0148)
- An information disclosure vulnerability exists in Microsoft Server Message Block 1.0 (SMBv1) due to improper handling of certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information. (CVE-2017-0147)
ETERNALBLUE, ETERNALCHAMPION, ETERNALROMANCE, and ETERNALSYNERGY are four of multiple Equation Group vulnerabilities and exploits disclosed on 2017/04/14 by a group known as the Shadow Brokers. WannaCry / WannaCrypt is a ransomware program utilizing the ETERNALBLUE exploit, and EternalRocks is a worm that utilizes seven Equation Group vulnerabilities. Petya is a ransomware program that first utilizes CVE-2017-0199, a vulnerability in Microsoft Office, and then spreads via ETERNALBLUE.
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016. Microsoft has also released emergency patches for Windows operating systems that are no longer supported, including Windows XP, 2003, and 8.
Plugin Details
File Name: smb_nt_ms17-010.nasl
Agent: windows
Risk Information
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Temporal Vector: E:H/RL:OF/RC:C
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: E:H/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:microsoft:windows
Required KB Items: SMB/MS_Bulletin_Checks/Possible
Exploit Ease: Exploits are available
Patch Publication Date: 3/14/2017
Vulnerability Publication Date: 3/14/2017
CISA Known Exploited Dates: 5/3/2022, 8/10/2022, 4/15/2022, 4/27/2022, 6/14/2022
Exploitable With
CANVAS (CANVAS)
Core Impact
Metasploit (SMB DOUBLEPULSAR Remote Code Execution)
Reference Information
CVE: CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0147, CVE-2017-0148
BID: 96703, 96704, 96705, 96706, 96707, 96709
MSFT: MS17-010
MSKB: 4012212, 4012213, 4012214, 4012215, 4012216, 4012217, 4012606, 4013198, 4013429, 4012598
IAVA: 2017-A-0065
EDB-ID: 41891, 41987