A denial of service vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An authenticated attacker who successfully exploited this vulnerability against an SMB Server could cause the affected system to crash. An unauthenticated attacker could also exploit this this vulnerability against an SMB client and cause the affected system to crash. To exploit the vulnerability against a server, an authenticated attacker could send a specially crafted packet to a targeted SMBv3 server. To exploit the vulnerability against a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it. The security update addresses the vulnerability by correcting how the SMBv3 protocol handles these specially crafted requests.
What steps can I take to protect my network? 1. Block TCP port 445 at the enterprise perimeter firewall TCP port 445 is used to initiate a connection with the affected component. Blocking this port at the network perimeter firewall will help protect systems that are behind that firewall from attempts to exploit this vulnerability. This can help protect networks from attacks that originate outside the enterprise perimeter. Blocking the affected ports at the enterprise perimeter is the best defense to help avoid Internet-based attacks. However, systems could still be vulnerable to attacks from within their enterprise perimeter. 2. Follow Microsoft guidelines to prevent SMB traffic from lateral connections and entering or leaving the network Preventing SMB traffic from lateral connections and entering or leaving the network Windows Server, version 2004 (Server Core installation) is in the Security Updates Table. Is Windows Server, version 2004 that is not Server Core installation affected by this vulnerability? No. Windows Server, version 2004 was released under the Semi-Annual Channel (SAC) channel. As such, only a Server Core installation is available. For more information Windows servicing channels, please see Servicing Channels-19
Microsoft Platform Security Assurance & Vulnerability Research