Microsoft Security Bulletin MS17-010 - Critical

Microsoft Windows SMB Server Security Update (4013389)

Published: March 14, 2017

Version: 1.0

Executive Summary

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server.

This security update is rated Critical for all supported releases of Microsoft Windows. For more information, see the "Affected Software and Vulnerability Severity Ratings" section.

The security update addresses the vulnerabilities by correcting how SMBv1 handles specially crafted requests.

For more information about the vulnerabilities, see the "Vulnerability Information" section.

For more information about this update, see Microsoft Knowledge Base Article 4013389.

Affected Software and Vulnerability Severity Ratings

The following software versions or editions are affected. Versions or editions that are not listed are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, see Microsoft Support Lifecycle.

The severity ratings indicated for each affected software assume the potential maximum impact of the vulnerability. For information regarding the likelihood, within 30 days of this security bulletin's release, of the exploitability of the vulnerability in relation to its severity rating and security impact, see the Exploitability Index in the March bulletin summary.

Note: See the Security Update Guide for a new approach to consuming the security update information. You can customize your views, create affected software spreadsheets, and download data via a RESTful API. For more information, see the Security Updates Guide FAQ. As a reminder, the Security Updates Guide will be replacing security bulletins. For more details, see our blog post, Furthering our commitment to security updates.

| Operating System | CVE-2017-0143 | CVE-2017-0144 | CVE-2017-0145 | CVE-2017-0146 | CVE-2017-0147 | CVE-2017-0148 | Updates Replaced |
|---|---|---|---|---|---|---|---|
| Windows Vista | | | | | | | |
| Windows Vista Service Pack 2 (4012598) | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | MS16-114 (3177186) |
| Windows Vista x64 Edition Service Pack 2 (4012598) | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | MS16-114 (3177186) |
| Windows Server 2008 | | | | | | | |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (4012598) | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | MS16-114 (3177186) |
| Windows Server 2008 for x64-based Systems Service Pack 2 (4012598) | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | MS16-114 (3177186) |
| Windows Server 2008 for Itanium-based Systems Service Pack 2 (4012598) | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | MS16-114 (3177186) |
| Windows 7 | | | | | | | |
| Windows 7 for 32-bit Systems Service Pack 1 (4012212) Security Only [1] | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | None |
| Windows 7 for 32-bit Systems Service Pack 1 (4012215) Monthly Rollup [1] | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | 3212646 |
| Windows 7 for x64-based Systems Service Pack 1 (4012212) Security Only [1] | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | None |
| Windows 7 for x64-based Systems Service Pack 1 (4012215) Monthly Rollup [1] | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | 3212646 |
| Windows Server 2008 R2 | | | | | | | |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (4012212) Security Only [1] | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (4012215) Monthly Rollup [1] | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | 3212646 |
| Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 (4012212) Security Only [1] | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | None |
| Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 (4012215) Monthly Rollup [1] | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | 3212646 |
| Windows 8.1 | | | | | | | |
| Windows 8.1 for 32-bit Systems (4012213) Security Only [1] | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | None |
| Windows 8.1 for 32-bit Systems (4012216) Monthly Rollup [1] | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | 3205401 |
| Windows 8.1 for x64-based Systems (4012213) Security Only | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | None |
| Windows 8.1 for x64-based Systems (4012216) Monthly Rollup [1] | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | 3205401 |
| Windows Server 2012 and Windows Server 2012 R2 | | | | | | | |
| Windows Server 2012 (4012214) Security Only [1] | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | None |
| Windows Server 2012 (4012217) Monthly Rollup [1] | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | 3205409 |
| Windows Server 2012 R2 (4012213) Security Only [1] | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | None |
| Windows Server 2012 R2 (4012216) Monthly Rollup [1] | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | 3205401 |
| Windows RT 8.1 | | | | | | | |
| Windows RT 8.1 [2] (4012216) Monthly Rollup | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | 3205401 |
| Windows 10 | | | | | | | |
| Windows 10 for 32-bit Systems [3] (4012606) | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | 3210720 |
| Windows 10 for x64-based Systems [3] (4012606) | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | 3210720 |
| Windows 10 Version 1511 for 32-bit Systems [3] (4013198) | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | 3210721 |
| Windows 10 Version 1511 for x64-based Systems [3] (4013198) | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | 3210721 |
| Windows 10 Version 1607 for 32-bit Systems [3] (4013429) | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | 3213986 |
| Windows 10 Version 1607 for x64-based Systems [3] (4013429) | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | 3213986 |
| Windows Server 2016 | | | | | | | |
| Windows Server 2016 for x64-based Systems [3] (4013429) | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | 3213986 |
| Server Core installation option | | | | | | | |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) (4012598) | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | MS16-114 (3177186) |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) (4012598) | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | MS16-114 (3177186) |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (4012212) Security Only [1] | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (4012215) Monthly Rollup [1] | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | 3212646 |
| Windows Server 2012 (Server Core installation) (4012214) Security Only [1] | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | None |
| Windows Server 2012 (Server Core installation) (4012217) Monthly Rollup [1] | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | 3205409 |
| Windows Server 2012 R2 (Server Core installation) (4012213) Security Only [1] | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | None |
| Windows Server 2012 R2 (Server Core installation) (4012216) Monthly Rollup [1] | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | 3205401 |
| Windows Server 2016 for x64-based Systems [3] (Server Core installation) (4013429) | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Critical Remote Code Execution | Important Information Disclosure | Critical Remote Code Execution | 3213986 |

[1] Beginning with the October 2016 release, Microsoft has changed the update servicing model for Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. For more information, see this Microsoft TechNet article.

[2] This update is available only through Windows Update.

[3] Windows 10 and Windows Server 2016 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. Please note that effective December 13, 2016, Windows 10 and Windows Server 2016 details for the cumulative updates will be documented in the release notes. See the release notes for OS build numbers, known issues, and affected file list information.

Important

The Updates Replaced column shows only the latest update in any chain of superseded updates. For a comprehensive list of updates replaced, go to the Microsoft Update Catalog, search for the update Knowledge Base (KB) number, and then view the update details (the updates-replaced information is provided on the Package Details tab).

Vulnerability Information

Multiple Windows SMB Remote Code Execution Vulnerabilities

Remote code execution vulnerabilities exist in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerabilities could execute code on the target server.

To exploit the vulnerability, in most situations, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv1 server.

The security update addresses the vulnerabilities by correcting how SMBv1 handles these specially crafted requests.

The following table contains links to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list:

| Vulnerability Title | CVE Number | Publicly Disclosed | Exploited |
|---|---|---|---|
| Windows SMB Remote Code Execution Vulnerability | CVE-2017-0143 | No | No |
| Windows SMB Remote Code Execution Vulnerability | CVE-2017-0144 | No | No |
| Windows SMB Remote Code Execution Vulnerability | CVE-2017-0145 | No | No |
| Windows SMB Remote Code Execution Vulnerability | CVE-2017-0146 | No | No |
| Windows SMB Remote Code Execution Vulnerability | CVE-2017-0148 | No | No |

Mitigating Factors

Microsoft has not identified any mitigating factors for these vulnerabilities.

Workarounds

The following workarounds may be helpful in your situation:

  • Disable SMBv1
    For customers running Windows Vista and later

    See Microsoft Knowledge Base Article 2696547.

    Alternative method for customers running Windows 8.1 or Windows Server 2012 R2 and later

    For client operating systems:

    1. Open Control Panel, click Programs, and then click Turn Windows features on or off.
    2. In the Windows Features window, clear the SMB1.0/CIFS File Sharing Support check box, and then click OK to close the window.
    3. Restart the system.

    For server operating systems:

    1. Open Server Manager, click the Manage menu, and then select Remove Roles and Features.
    2. In the Features window, clear the SMB1.0/CIFS File Sharing Support check box, and then click OK to close the window.
    3. Restart the system.

    Impact of workaround. The SMBv1 protocol will be disabled on the target system.

    How to undo the workaround. Retrace the workaround steps, and select the SMB1.0/CIFS File Sharing Support check box to restore the SMB1.0/CIFS File Sharing Support feature to an active state.

Windows SMB Information Disclosure Vulnerability - CVE-2017-0147

An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server.

To exploit the vulnerability, in most situations, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv1 server.

The security update addresses the vulnerability by correcting how SMBv1 handles these specially crafted requests.

The following table contains links to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list:

| Vulnerability Title | CVE Number | Publicly Disclosed | Exploited |
|---|---|---|---|
| Windows SMB Remote Code Execution Vulnerability | CVE-2017-0143 | No | No |
| Windows SMB Remote Code Execution Vulnerability | CVE-2017-0144 | No | No |
| Windows SMB Remote Code Execution Vulnerability | CVE-2017-0145 | No | No |
| Windows SMB Remote Code Execution Vulnerability | CVE-2017-0146 | No | No |
| Windows SMB Information Disclosure Vulnerability | CVE-2017-0147 | No | No |
| Windows SMB Remote Code Execution Vulnerability | CVE-2017-0148 | No | No |

Mitigating Factors

Microsoft has not identified any mitigating factors.

Workarounds

The following workarounds may be helpful in your situation:

  • Disable SMBv1
    For customers running Windows Vista and later

    See Microsoft Knowledge Base Article 2696547.

    Alternative method for customers running Windows 8.1 or Windows Server 2012 R2 and later

    For client operating systems:

    1. Open Control Panel, click Programs, and then click Turn Windows features on or off.
    2. In the Windows Features window, clear the SMB1.0/CIFS File Sharing Support check box, and then click OK to close the window.
    3. Restart the system.

    For server operating systems:

    1. Open Server Manager, click the Manage menu, and then select Remove Roles and Features.
    2. In the Features window, clear the SMB1.0/CIFS File Sharing Support check box, and then click OK to close the window.
    3. Restart the system.

    Impact of workaround. The SMBv1 protocol will be disabled on the target system.

    How to undo the workaround. Retrace the workaround steps, and select the SMB1.0/CIFS File Sharing Support check box to restore the SMB1.0/CIFS File Sharing Support feature to an active state.
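
The Disable SMBv1 workaround given in both vulnerability sections can also be checked and applied from an elevated PowerShell prompt. The script below is an added example, not part of Microsoft's bulletin: it uses the built-in SMB and DISM cmdlets where they exist and falls back to the LanmanServer registry value on older systems. The function names and the -Apply switch are illustrative.

```powershell
# Added example (not from the bulletin). Run elevated; pass -Apply to make changes.
param([switch]$Apply)

# KB numbers as listed in this bulletin's affected-software table.
$BulletinKBs = 'KB4012598','KB4012212','KB4012215','KB4012213','KB4012216',
               'KB4012214','KB4012217','KB4012606','KB4013198','KB4013429'
$LanmanKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1ServerEnabled {
    # Windows 8 / Server 2012 and later: ask the SMB server directly.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Older systems: the SMB1 value is absent by default, which means enabled.
    $p = Get-ItemProperty -Path $LanmanKey -Name SMB1 -ErrorAction SilentlyContinue
    return (-not $p) -or ($p.SMB1 -ne 0)
}

function Disable-Smb1Server {
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        # Takes effect after the restart in step 3 of the workaround.
        Set-ItemProperty -Path $LanmanKey -Name SMB1 -Type DWord -Value 0
    }
    # Scripted form of clearing "SMB1.0/CIFS File Sharing Support".
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        $f = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
                 -ErrorAction SilentlyContinue
        if ($f -and $f.State -eq 'Enabled') {
            Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
                -NoRestart | Out-Null
        }
    }
}

function Get-Ms17010Status {
    # A missing KB is not proof of exposure: later cumulative updates and
    # rollups supersede these packages and appear under other KB numbers.
    $kbs = @(Get-HotFix -Id $BulletinKBs -ErrorAction SilentlyContinue |
             Select-Object -ExpandProperty HotFixID)
    New-Object PSObject -Property @{
        Computer          = $env:COMPUTERNAME
        BulletinKBsFound  = ($kbs -join ',')
        Smb1ServerEnabled = (Get-Smb1ServerEnabled)
    }
}

$status = Get-Ms17010Status
$status
if ($Apply -and $status.Smb1ServerEnabled) {
    Disable-Smb1Server
    Get-Ms17010Status   # re-check; the restart completes the feature removal
}
```

Without -Apply the script only reports. To undo, set EnableSMB1Protocol back to $true (or the SMB1 registry value to 1) and re-enable the SMB1Protocol feature.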

Security Update Deployment

For security update deployment information, see the Microsoft Knowledge Base article referenced in the Executive Summary.

Acknowledgments

Microsoft recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure. For more information, see Acknowledgments.

Disclaimer

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages, including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.

Revisions

  • V1.0 (March 14, 2017): Bulletin published.

Page generated 2017-05-08 07:15-07:00.