Zero-Day in Windows Moves From A Critical Issue to High-Risk

  •  
  • 2
  •  
  •  
  •  
  •  
  •  
  •  
    2
    Shares

A 0-day vulnerability (CVE-2017-0016) that is affecting Windows’ SMBv3 (Server Message Block) protocol which was revealed last week is no longer considered as a Critical issue, but as a High-risk.

The issue resides in the way in which Windows handles SMB traffic and also allows an unauthenticated attacker to exploit and cause a denial of service remotely. This issue is basically triggered when a Windows client system which is vulnerable connects to a malicious SMB server.

SMB is basically an application-layer network protocol which provides computers to access files, serial ports, printers, and miscellaneous communications in between nodes on a local network. It offers an inter-process communication mechanism which is authenticated.

This flaw is revealed publicly after security researcher who discovered it has published a proof-of-concept exploit on the GitHub. The CERT Coordination Center (CERT/CC) at the Carnegie Mellon University assessed an issue as critical and even suggested that it can have a severity score of 10, as the possibility of exploitation for an arbitrary code execution.

In the meanwhile, however, the CERT revised the initial advisory and has removed all mentions of an arbitrary code execution, while also downgrading the severity score of the issue. With a CVSS (Common Vulnerability Scoring System) score of 7.8, the bug is now rated High risk in the updated advisory.

“To be vulnerable, a client needs to support SMBv3, which was introduced in Windows 8 for clients and Windows 2012 on servers,” Johannes B. Ullrich, Ph.D., Dean of Research for the SANS Technology Institute, notes.

Update:

 

“Windows is the only platform with a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible,” – a Microsoft spokesperson told the SecurityWeek in a statement. “Our standard policy is that on issues of low risk, we remediate that risk via our current Update Tuesday schedule.”

The following two tabs change content below.

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]

Leave a Reply