Home
Insightful &
Helpful Articles

Here is what we're working on and
thinking at Hedgehog security.

Age in Days
CVSS Score
Patch within next
Risk Level

540


10.0

Immediately

Critical

This vulnerability is 1 years 5 months and 22 days old there are exploits publicly available for it. The vulnerability itself is over a year old, and with there being exploits publicly available it is highly advisable that this vulnerability is patched immediately.

 

Synopsis

The remote Windows host is affected by multiple vulnerabilities including EternalBlue.

 

Vulnerability Description

The remote Windows host has Microsoft Server Message Block 1.0 (SMBv1) enabled. It is, therefore, affected by multiple vulnerabilities:

  • Multiple information disclosure vulnerabilities exist in Microsoft Server Message Block 1.0 (SMBv1) due to improper handling of SMBv1 packets. An unauthenticated, remote attacker can exploit these vulnerabilities, via a specially crafted SMBv1 packet, to disclose sensitive information. (CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, CVE-2017-0276)
  • Multiple denial of service vulnerabilities exist in Microsoft Server Message Block 1.0 (SMBv1) due to improper handling of requests. An unauthenticated, remote attacker can exploit these vulnerabilities, via a specially crafted SMB request, to cause the system to stop responding. (CVE-2017-0269, CVE-2017-0273, CVE-2017-0280)
  • Multiple remote code execution vulnerabilities exist in Microsoft Server Message Block 1.0 (SMBv1) due to improper handling of SMBv1 packets. An unauthenticated, remote attacker can exploit these vulnerabilities, via a specially crafted SMBv1 packet, to execute arbitrary code. (CVE-2017-0272, CVE-2017-0277, CVE-2017-0278, CVE-2017-0279)
Depending on the host's security policy configuration, this plugin cannot always correctly determine if the Windows host is vulnerable if the host is running a later Windows version (i.e., Windows 8.1, 10, 2012, 2012 R2, and 2016) specifically that named pipes and shares are allowed to be accessed remotely and anonymously. Tenable does not recommend this configuration, and the hosts should be checked locally for patches with one of the following plugins, depending on the Windows version: 100054, 100055, 100057, 100059, 100060, or 100061.

 

Solution

Apply the relevant Windows Patches or run the auto update facility.

 

Further Information


 

CVE References

CVE-2017-0267 NIST | MITRE | CVEDetails
CVE-2017-0268 NIST | MITRE | CVEDetails
CVE-2017-0270 NIST | MITRE | CVEDetails
CVE-2017-0271 NIST | MITRE | CVEDetails
CVE-2017-0274 NIST | MITRE | CVEDetails
CVE-2017-0275 NIST | MITRE | CVEDetails
CVE-2017-0276 NIST | MITRE | CVEDetails

 

Get in touch

Should you have any questions regarding this or any security matter, please do not hesitate to get in touch by emailing the Hedgehog Cyber Operations Team.

Whilst every effort is made to ensure the accuracy and robustness of any information presented, it is not possible for Hedgehog Cyber to test every possible scenario an organisation may face, and Hedgehog Cyber cannot be held liable for any loss or damage which may arise from taking action on any of the contents provided. Hedgehog Cyber strongly advises that all recommendations, solutions and detection methods detailed, are thoroughly reviewed and tested in non-production environments before being considered suitable for production release, in-line with any existing internal change control procedures.