Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most systems, this attack requires authentication, except in the special case of Windows Domain Controllers, where unauthenticated users can always open named pipes as long as they can establish an SMB session. Typically, after the BSOD, the victim SMBv3 server will reboot. (CVSS:7.8) (Last Update:2022-06-23)
http://dlvr.it/SSmmDY
Friday, June 24, 2022
Subscribe to:
Post Comments (Atom)
SG students undergo AI cybersecurity education - SecurityBrief Australia
SG students undergo AI cybersecurity education SecurityBrief Australia http://dlvr.it/SprWvM
-
Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution via an unserialize pop chain in __...
-
Cybersecurity quarterly benchmarks: Q1, 2022 Cybersecurity Dive http://dlvr.it/SPdcjS
-
NCUA cyber breach rule would give credit unions longer reporting window than banks Banking Dive http://dlvr.it/SVVF51
No comments:
Post a Comment