Vulnerability Note VU#867968
Microsoft Windows SMB Tree Connect Response denial of service vulnerability
Microsoft Windows contains a memory corruption bug in the handling of SMB traffic, which may allow a remote, unauthenticated attacker to cause a denial of service on a vulnerable system.
Microsoft Windows fails to properly handle traffic from a malicious server. In particular, Windows fails to properly handle a specially-crafted server response that contains too many bytes following the structure defined in the SMB2 TREE_CONNECT Response structure. By connecting to a malicious SMB server, a vulnerable Windows client system may crash (BSOD) in mrxsmb20.sys. We have confirmed the crash with fully-patched Windows 10 and Windows 8.1 client systems, as well as the server equivalents of these platforms, Windows Server 2016 and Windows Server 2012 R2.
Note that there are a number of techniques that can be used to trigger a Windows system to connect to an SMB share. Some may require little to no user interaction.
By causing a Windows system to connect to a malicious SMB share, a remote attacker may be able to cause a denial of service by crashing Windows.
The CERT/CC is currently unaware of a practical solution to this problem. Please consider the following workarounds:
Block outbound SMB
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||01 Feb 2017||02 Feb 2017|
CVSS Metrics (Learn More)
This vulnerability was publicly reported by PythonResponder.
This document was written by Will Dormann.
- CVE IDs: CVE-2017-0016
- Date Public: 01 Feb 2017
- Date First Published: 02 Feb 2017
- Date Last Updated: 03 Feb 2017
- Document Revision: 22
If you have feedback, comments, or additional information about this vulnerability, please send us email.