Home > News content

Microsoft Windows SMB Server Remote Code Execution Vulnerability

via:博客园     time:2017/10/12 17:01:40     readed:224

October 10, 2017 Microsoft's vulnerability patch fixes multiple security vulnerabilities, one of which is a code exploit for Microsoft Windows Server, and according to the official description of the vulnerability if it is used successfully, a remote attacker can execute arbitrary code on the target system, If the failure will lead to denial of service, there is a large business security risks.

The scope of the vulnerability affects

  • Microsoft Windows 10 Version1607 for 32-bit Systems
  • Microsoft Windows 10 Version1607 for x64-based Systems
  • Microsoft Windows 10 for 32-bitSystems
  • Microsoft Windows 10 forx64-based Systems
  • Microsoft Windows 10 version1511 for 32-bit Systems
  • Microsoft Windows 10 version1511 for x64-based Systems
  • Microsoft Windows 10 version1703 for 32-bit Systems
  • Microsoft Windows 10 version1703 for x64-based Systems
  • Microsoft Windows 7 for 32-bitSystems SP1
  • Microsoft Windows 7 for x64-basedSystems SP1
  • Microsoft Windows 8.1 for32-bit Systems
  • Microsoft Windows 8.1 forx64-based Systems
  • Microsoft Windows RT 8.1
  • Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
  • Microsoft Windows Server 2008 R2 for x64-based Systems SP1
  • Microsoft Windows Server 2008 for 32-bit Systems SP2
  • Microsoft Windows Server 2008 for Itanium-based Systems SP2
  • Microsoft Windows Server 2008 for x64-based Systems SP2
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2016

Bug fixes (or mitigation measures)

  • It is recommended to shut down the SMB service or use the security group public network entry, within the network into the direction of policy to prohibit 445,139 port access;

  • Microsoft officially released the patch to fix the loopholes, it is recommended that users upgrade the program as soon as possible, open the Windows Update feature, and then click the "check" button, according to the business situation to download and install the relevant security patches, restart the server after installation, check the system operation The

Information Reference:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11780

http://www.google.com/support

http://www.securityfocus.com/bid/101110/info

China IT News APP

Download China IT News APP

Please rate this news

The average score will be displayed after you score.

Post comment

Do not see clearly? Click for a new code.

User comments