CVE-2023-24898: Windows SMB Denial of Service Vulnerability

Overview

Severity: High (CVSS 7.5)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Category: Denial of Service
Exploit Status: Not Exploited
Exploitation Likelihood: Less Likely
Patch Tuesday: 2023-May
Released: 2023-05-09
EPSS Score: 3.60% (percentile: 87.8%)

FAQ

What version of Windows Server 2022 is affected by this vulnerability?

This vulnerability only affects the hotpatch version of Windows Server 2022. If you are not running this version of the operating system, no action is required for this vulnerability.

What is SMB over QUIC?

SMB over QUIC introduces an alternative to the TCP network transport, providing secure, reliable connectivity to edge file servers over untrusted networks like the Internet. QUIC is an IETF-standardized protocol with many benefits when compared to TCP. For more information, please visit: SMB over QUIC.

Affected Products (2)

Windows

  • Windows Server 2022
  • Windows Server 2022 (Server Core installation)

Security Updates (1)

Acknowledgments

Ben Barnea (https://twitter.com/nachoskrnl) with Akamai Technologies (https://www.akamai.com/)

Revision History

  • 2023-05-09: Information published.