Endpoint Vulnerability

Microsoft: Windows SMB Information Disclosure Vulnerability

Description

An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests. An authenticated attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploit the vulnerability, an attacker would have to be able to authenticate and send SMB messages to an impacted Windows SMB Server The security update addresses the vulnerability by correcting how Windows SMB Server handles authenticated requests.

Affected Products

Windows RT 8.1,Windows Server, version 1709 (Server Core Installation),Windows Server 2016,Windows Server, version 1803 (Server Core Installation),Windows Server 2012,Windows 8,Windows Server 2008,Windows 10,Windows 7,Windows Server 2019

References

CVE-2019-0703,