Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
An attacker with network access to an affected Windows 10 device can exploit this Microsoft Server Message Block 3.1.1 (SMBv3) vulnerability to acquire potentially sensitive information. Depending on the data accessed, the impact can be significant if important, proprietary, or customer data is disclosed.
Kill Chain
Risk Score
71
To exploit this SMB memory leak vulnerability, the attacker initiates a connection with a file server by sending a specially-designed SMBv3 packet. The SMB negotiation request from the attacker contains modified parameter values that allow uninitialized kernel memory to be stored in the response. As a result, the response from the server might disclose data that the attacker can leverage for future attacks.
This type of memory leak can occur in response to a legitimate SMBv3 negotiation request. Even if the request is from a legitimate source, the memory leak indicates that your environment is vulnerable to an attack and should be patched.
Install relevant patches for affected software and server versions
Restrict file share access to only authorized IP addresses and users
