A 0-day vulnerability (CVE-2017-0016) that is affecting Windows’ SMBv3 (Server Message Block) protocol which was revealed last week is no longer considered as a Critical issue, but as a High-risk.
The issue resides in the way in which Windows handles SMB traffic and also allows an unauthenticated attacker to exploit and cause a denial of service remotely. This issue is basically triggered when a Windows client system which is vulnerable connects to a malicious SMB server.
SMB is basically an application-layer network protocol which provides computers to access files, serial ports, printers, and miscellaneous communications in between nodes on a local network. It offers an inter-process communication mechanism which is authenticated.
This flaw is revealed publicly after security researcher who discovered it has published a proof-of-concept exploit on the GitHub. The CERT Coordination Center (CERT/CC) at the Carnegie Mellon University assessed an issue as critical and even suggested that it can have a severity score of 10, as the possibility of exploitation for an arbitrary code execution.
In the meanwhile, however, the CERT revised the initial advisory and has removed all mentions of an arbitrary code execution, while also downgrading the severity score of the issue. With a CVSS (Common Vulnerability Scoring System) score of 7.8, the bug is now rated High risk in the updated advisory.
“To be vulnerable, a client needs to support SMBv3, which was introduced in Windows 8 for clients and Windows 2012 on servers,” Johannes B. Ullrich, Ph.D., Dean of Research for the SANS Technology Institute, notes.
Update:
“Windows is the only platform with a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible,” – a Microsoft spokesperson told the SecurityWeek in a statement. “Our standard policy is that on issues of low risk, we remediate that risk via our current Update Tuesday schedule.”