Added: 03/15/2018
CVE: CVE-2017-0146
BID: 96707
Server Message Block (SMB) is the protocol used by Microsoft Windows computers to communicate over a network. SMBv1 was the first version of this protocol and is still supported by modern Windows versions.
A race condition when handling Transaction requests, combined with type confusion between WriteAndX and Transaction requests, allows remote attackers to overwrite the connection session information with an Administrator session, leading to command execution.
Apply the patch referenced in MS17-010, or disable SMBv1.
<https://technet.microsoft.com/en-us/library/security/ms17-010.aspx>
Exploit works on Windows Vista through Windows 10. The target must allow anonymous access to the **netlogon**
named pipe in order to succeed.
Due to the nature of the vulnerability, the success of this exploit may depend on the targetâs state. Success is more likely after the target is rebooted.
Windows