Vulnerable computer systems and applications:
Windows operating systems.
SMB (Server Message Block) is a file-sharing protocol that allows various applications to access (and control) the resources of computers or service stations on the network if they are configured to accept SMB requests. Because of vulnerabilities in the protocol, open SMB ports (TCP 445, 139 and UDP 137, 138) could allow malicious software to take control of the device and exploit it for harmful purposes.
Known SMB vulnerabilities:
- CVE-2017-0007: Device Guard Security Feature Bypass Vulnerability;
- CVE-2017-0016: SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability;
- CVE-2017-0039: Windows DLL Loading Remote Code Execution Vulnerability;
- CVE-2017-0057: Windows DNS Query Information Disclosure Vulnerability;
- CVE-2017-0100: Windows HelpPane Elevation of Privilege Vulnerability;
- CVE-2017-0104: iSNS Server Memory Corruption Vulnerability.
Microsoft has released fixes for these vulnerabilities for all vulnerable operating systems. You can find them here.
Recommendations for users:
- Disable access to TCP 445, 139 and UDP 137, 138 ports from an external network;
- Install or update the protection systems used on your devices;
- Install the latest operating system and application updates.
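
To see which hosts the first recommendation applies to, the following added example (not part of the original advisory) parses Windows `netstat -ano` output and lists sockets on the advisory's ports that are bound to a non-loopback address. The function name and the sample output are constructed for illustration.

```python
import ipaddress

# Ports named in the advisory's first recommendation.
SMB_PORTS = {"TCP": {445, 139}, "UDP": {137, 138}}

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:139          0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:445       192.168.1.20:51000     ESTABLISHED     4
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1500
  UDP    192.168.1.10:137       *:*                                    4
  UDP    192.168.1.10:138       *:*                                    4
"""


def exposed_smb_listeners(netstat_text):
    """Return sorted (proto, address, port, pid) tuples for SMB/NetBIOS
    sockets that are bound to an address other than loopback."""
    findings = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in SMB_PORTS:
            continue  # banner, header, or a protocol we do not track
        proto, local = fields[0], fields[1]
        if proto == "TCP" and fields[3] != "LISTENING":
            continue  # established sessions are not listeners
        host, _, port = local.rpartition(":")
        if not port.isdigit() or int(port) not in SMB_PORTS[proto]:
            continue
        # Strip IPv6 brackets and any zone index before parsing.
        addr = ipaddress.ip_address(host.strip("[]").split("%")[0])
        if addr.is_loopback:
            continue  # reachable only from the host itself
        findings.add((proto, str(addr), int(port), int(fields[-1])))
    return sorted(findings)


if __name__ == "__main__":
    for proto, addr, port, pid in exposed_smb_listeners(SAMPLE_NETSTAT):
        print(f"{proto} {addr}:{port} (PID {pid}) accepts non-local traffic")
```

A socket in this list is only bound to a network-facing address; whether it can be reached from an external network still depends on the host and perimeter firewall rules.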