CVE-2017-0016

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions 10 Gold, 1511, and 1607 Microsoft Windows 8.1 Microsoft Windows RT 8.1 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016

Description The issue is related to the improper handling of certain requests in SMBv2 and SMBv3 packets by the Server service, which can be exploited by remote attackers to execute arbitrary code via a crafted packet. This is also described as a null dereference denial of service vulnerability. The vulnerability is associated with pointer dereference errors in the Windows operating system's server service. Exploitation of the vulnerability could allow a remote attacker to access local files using specially crafted SMBv2 or SMBv3 packets.

Recommendations For Microsoft Windows 10 Gold, 1511, and 1607, update the system to address the issue. For Microsoft Windows 8.1, apply the recommended patch to fix the vulnerability. For Microsoft Windows RT 8.1, install the latest security update to resolve the issue. For Microsoft Windows Server 2012 R2, apply the necessary security patch to mitigate the risk. For Microsoft Windows Server 2016, update the system with the latest available patch to fix the vulnerability. As a temporary workaround, consider restricting access to the Server service to minimize the risk of exploitation.