Windows SMB Server Remote Code Execution Vulnerability (CVE-2017-11780)

On October 10, 2017, Microsoft released its latest set of patches. One of them addresses a serious vulnerability: a remote code execution vulnerability in the SMB protocol implementation of Microsoft's Windows operating system, assigned CVE-2017-11780. The vulnerability is rated high severity and affects a range of system versions from Windows 7 to Windows Server 2016. Because Windows is so widely deployed, the impact is broad. securitydaily reminds Windows users to apply the latest patch as soon as possible so they are not affected by this vulnerability.

According to the White Hat FOFA (https://www.fofa.so) system, there are currently 3,251,600 Microsoft Windows systems with SMB services exposed. The United States has the most, with a total of 1,296,313; mainland China is second with 523,798; Russia fourth with 277,954; Japan fifth with 197,636; and Hong Kong, China fifth with 90,735.

Risk

High

Date Discovered

October 10, 2017

Description

Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code on the target system. Failed attacks will cause denial-of-service conditions.

Technologies Affected

  • Microsoft Windows 10 Version 1607 for 32-bit Systems
  • Microsoft Windows 10 Version 1607 for x64-based Systems
  • Microsoft Windows 10 for 32-bit Systems
  • Microsoft Windows 10 for x64-based Systems
  • Microsoft Windows 10 version 1511 for 32-bit Systems
  • Microsoft Windows 10 version 1511 for x64-based Systems
  • Microsoft Windows 10 version 1703 for 32-bit Systems
  • Microsoft Windows 10 version 1703 for x64-based Systems
  • Microsoft Windows 7 for 32-bit Systems SP1
  • Microsoft Windows 7 for x64-based Systems SP1
  • Microsoft Windows 8.1 for 32-bit Systems
  • Microsoft Windows 8.1 for x64-based Systems
  • Microsoft Windows RT 8.1
  • Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
  • Microsoft Windows Server 2008 R2 for x64-based Systems SP1
  • Microsoft Windows Server 2008 for 32-bit Systems SP2
  • Microsoft Windows Server 2008 for Itanium-based Systems SP2
  • Microsoft Windows Server 2008 for x64-based Systems SP2
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2016

Recommendations

Run all software as a nonprivileged user with minimal access rights.

To reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.

Deploy NIDS to monitor network traffic for signs of suspicious or anomalous activity. This may help detect malicious actions that an attacker may take after successfully exploiting vulnerabilities in applications. Review all applicable logs regularly.

Do not use client software to access unknown or untrusted hosts from critical systems.

Due to the nature of this issue, avoid using the client application to connect to unknown or untrusted hosts.

Implement multiple redundant layers of security.

Since this issue may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploits of memory-corruption vulnerabilities.

Updates are available. Please see the references or vendor advisory for more information.
Reference: Symantec