#VU17947 Information disclosure in Windows and Windows Server - CVE-2019-0703

Cybersecurity Help s.r.o.

Published: 2019-03-12 | Updated: 2019-05-08

Vulnerability identifier: #VU17947

Vulnerability risk: Medium

CVSSv4.0: 5.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Green]

CVE-ID: CVE-2019-0703

CWE-ID: CWE-200

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Windows
Operating systems & Components / Operating system
Windows Server
Operating systems & Components / Operating system

Vendor: Microsoft

Description

The vulnerability allows a remote authenticated attacker to gain access to potentially sensitive information.

The vulnerability exists due to the way that the Windows SMB Server handles certain requests. A remote authenticated user can gain unauthorized access to sensitive information on the system.

Note: this vulnerability has being exploited in the wild. The exploit code was detected in the Bemstour exploit tool in September 2018 and has being used by Buckeye (APT3) APT group.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Windows: 7, 8.1 RT - 8.1, 10 1607 10.0.14393.10, 10 1703 10.0.15063.138, 10 1709 10.0.16299.19, 10 1803 10.0.17134.48, 10 1809 10.0.17763.1, 10

Windows Server: 2008 R2 - 2008, 2012 R2 - 2012, 2016 10.0.14393.10, 2019 10.0.17763.1 - 2019 1803

External links
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0703
https://www.symantec.com/blogs/threat-intelligence/buckeye-windows-zero-day-exploit

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Microsoft Windows SMB