SB2019031206 - Multiple vulnerabilities in Microsoft Windows SMB
Published: March 12, 2019 Updated: May 8, 2019
Description
This security bulletin contains information about 3 security vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2019-0703)
The vulnerability allows a remote authenticated attacker to gain access to potentially sensitive information.
The vulnerability exists due to the way that the Windows SMB Server handles certain requests. A remote authenticated user can gain unauthorized access to sensitive information on the system.
Note: this vulnerability has been exploited in the wild. The exploit code was detected in the Bemstour exploit tool in September 2018 and has been used by the Buckeye (APT3) APT group.
2) Information disclosure (CVE-ID: CVE-2019-0821)
The vulnerability allows a remote authenticated attacker to gain access to potentially sensitive information.
The vulnerability exists due to the way that the Windows SMB Server handles certain requests. A remote authenticated user can gain unauthorized access to sensitive information on the system.
3) Information disclosure (CVE-ID: CVE-2019-0704)
The vulnerability allows a remote authenticated attacker to gain access to potentially sensitive information.
The vulnerability exists due to the way that the Windows SMB Server handles certain requests. A remote authenticated user can gain unauthorized access to sensitive information on the system.
Remediation
Install the update from the vendor's website.
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0703
- https://www.symantec.com/blogs/threat-intelligence/buckeye-windows-zero-day-exploit
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0821
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0704