CVE-2017-0161
published 2017-09-13CVE-2017-0161: The Windows NetBT Session Services component on Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT…
PriorityP353high8.1CVSS 3.0
AVNACHPRNUINSUCHIHAH
EPSS
11.23%
95.4th percentile
The Windows NetBT Session Services component on Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to maintain certain sequencing requirements, aka "NetBIOS Remote Code Execution Vulnerability".
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
| microsoft_corporation | windows_netbt_session_services | — | — |
| msrc | windows_10 | — | — |
| msrc | windows_10_version_1511 | — | — |
| msrc | windows_10_version_1607 | — | — |
| msrc | windows_10_version_1703 | — | — |
| msrc | windows_7 | — | — |
| msrc | windows_8.1 | — | — |
| msrc | windows_rt_8.1 | — | — |
| msrc | windows_server_2008_r2 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
CVSS provenance
nvdv3.08.1HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_msrc8.1HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-xf8v-vf86-4582: The Windows NetBT Session Services component on Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8
ghsa_unreviewed·2022-05-17
CVE-2017-0161 [HIGH] CWE-362 GHSA-xf8v-vf86-4582: The Windows NetBT Session Services component on Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8
The Windows NetBT Session Services component on Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to maintain certain sequencing requirements, aka "NetBIOS Remote Code Execution Vulnerability".
Microsoft
NetBIOS Remote Code Execution Vulnerability
vendor_msrc·2017-09-12·CVSS 8.1
CVE-2017-0161 [HIGH] NetBIOS Remote Code Execution Vulnerability
NetBIOS Remote Code Execution Vulnerability
Description: A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. To exploit the vulnerability, an attacker needs to be able to send specially crafted NetBT Session Service packets to an impacted system.
An attacker who successfully exploits the vulnerability could execute arbitrary code on the target.
The security update addresses the vulnerability by correcting how NetBT sequences certain operations.
Windows NetBIOS: Windows NetBIOS
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely;Older Software Release:Exploitation Unlikely
Reference: https://catal
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday - September 2017
blogs_talos·2017-09-12·CVSS 8.1
[HIGH] Microsoft Patch Tuesday - September 2017
## Microsoft Patch Tuesday - September 2017
Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 81 new vulnerabilities with 27 of them rated critical, 52 rated important, and 2 rated moderate. These vulnerabilities impact Edge, Hyper-V, Internet Explorer, Office, Remote Desktop Protocol, Sharepoint, Windows Graphic Display Interface, Windows Kernel Mode Drivers, and more. In addition, Microsoft is also releasing an update for Adobe Flash Player embedded in Edge and Internet Explorer.
Note that the Bluetooth vulnerabilities known as "BlueBorne" that affected Windows have been patched in this latest release. For more information, please refer to CVE-2017-8628.
Qualys
September Patch Tuesday: 27 Critical Vulnerabilities from Microsoft, plus Critical Adobe Patches
blogs_qualys·2017-09-12·CVSS 8.1
[HIGH] September Patch Tuesday: 27 Critical Vulnerabilities from Microsoft, plus Critical Adobe Patches
Today Microsoft released a fairly large batch of patches covering 81 vulnerabilities as part of September’s Patch Tuesday update, with 38 of them impacting Windows. Patches covering 27 of these vulnerabilities are labeled as Critical, and 39 can result in Remote Code Execution (RCE). According to Microsoft, one critical vulnerability impacting HoloLens has a public exploit, and there are active malware campaigns exploiting a .NET vulnerability. Microsoft has also patched the BlueBorne vulnerability that could allow an attacker to perform a man-in-the-middle attack against a Windows system.
Top priority for patching should go to CVE-2017-0161 , an RCE vulnerability in NetBIOS that impacts both servers and workstations. For users of Microsoft’s DHCP server, priority should also be given to
Talos
Microsoft Patch Tuesday - September 2017
blogs_talos·2017-09-12·CVSS 8.1
[HIGH] Microsoft Patch Tuesday - September 2017
Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 81 new vulnerabilities with 27 of them rated critical, 52 rated important, and 2 rated moderate. These vulnerabilities impact Edge, Hyper-V, Internet Explorer, Office, Remote Desktop Protocol, Sharepoint, Windows Graphic Display Interface, Windows Kernel Mode Drivers, and more. In addition, Microsoft is also releasing an update for Adobe Flash Player embedded in Edge and Internet Explorer.
Note that the Bluetooth vulnerabilities known as "BlueBorne" that affected Windows have been patched in this latest release. For more information, please refer to CVE-2017-8628.
## Vulnerabilities Rated CriticalThe followi
Qualys
September Patch Tuesday: 27 Critical Vulnerabilities from Microsoft, plus Critical Adobe Patches | Qualys
blogs_qualys·2017-09-12·CVSS 8.1
[HIGH] September Patch Tuesday: 27 Critical Vulnerabilities from Microsoft, plus Critical Adobe Patches | Qualys
Today Microsoft released a fairly large batch of patches covering 81 vulnerabilities as part of September’s Patch Tuesday update, with 38 of them impacting Windows. Patches covering 27 of these vulnerabilities are labeled as Critical, and 39 can result in Remote Code Execution (RCE). According to Microsoft, one critical vulnerability impacting HoloLens has a public exploit, and there are active malware campaigns exploiting a .NET vulnerability. Microsoft has also patched the BlueBorne vulnerability that could allow an attacker to perform a man-in-the-middle attack against a Windows system.
Top priority for patching should go to CVE-2017-0161, an RCE vulnerability in NetBIOS that impacts both servers and workstations. For users of Microsoft’s DHCP server, priority should also be given to C
http://www.securityfocus.com/bid/100728http://www.securitytracker.com/id/1039318https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0161http://www.securityfocus.com/bid/100728http://www.securitytracker.com/id/1039318https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0161
2017-09-13
Published