A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HMicrosoft Windows 10 1903
OSMicrosoftwszystkie wersjeMicrosoft Windows 10 1909
OSMicrosoftwszystkie wersjeMicrosoft Windows Server 1903
OSMicrosoftwszystkie wersjeMicrosoft Windows Server 1909
OSMicrosoftwszystkie wersje
CISA KEV — detailsi
- Vendori
- Microsoft ↗
- Producti
- SMBv3
- Added to KEVi
- February 10, 2022
- Remediation deadline (US Federal)i
- August 10, 2022(overdue)
- Ransomwarei
- Active ransomware campaigns exploit this vulnerability
Apply updates per vendor instructions.
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client.
Related vulnerabilities
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properl...
Active Directory Domain Services Elevation of Privilege Vulnerability
Windows LSA Spoofing Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Windows User Profile Service Elevation of Privilege Vulnerability