Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-0749Corporation SMB Server vulnerability

8 documents6 sources
Severity
7.8HIGHNVD
EPSS
9.4%
top 7.18%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
18
Microsoft Corporation SMB ServerMicrosoft Windows 10Microsoft Windows Server 2008+15 more
Timeline
PublishedJan 4
Latest updateMay 13

Description

The Microsoft Server Message Block (SMB) Server in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way SMB Server handles specially crafted files, aka "Windows Elevation of Privilege Vulnerability".

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages16 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

3
GHSA
GHSA-543c-9vhf-865v: The Microsoft Server Message Block (SMB) Server in Windows 7 SP1, Windows 82022-05-13
Project0
Windows‌ ‌Exploitation‌ ‌Tricks:‌ ‌Spoofing‌ ‌Named‌ ‌Pipe‌ ‌Client‌ ‌PID‌ - Project Zero2019-09-01
Project0
Windows Kernel Logic Bug Class: Access Mode Mismatch in IO Manager - Project Zero2019-03-01

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows SMB Server (v1/v2) - Mount Point Arbitrary Device Open Privilege Escalation2018-01-11

📋Vendor Advisories

1
Microsoft
SMB Server Elevation of Privilege Vulnerability2018-01-09

🕵️Threat Intelligence

2
Talos
Microsoft Patch Tuesday - January 20182018-01-09
Talos
Microsoft Patch Tuesday - January 20182018-01-09