PT-2018-1028 · Microsoft · Windows Server 2012 R2+4
Eric Schayes +1 · Published 2018-02-13 · Updated 2025-08-05 · CVE-2018-0833
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Windows 8.1 and RT 8.1
Windows Server 2012 R2
Description
The Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client mishandles specially crafted requests, which results in a denial of service vulnerability. The cause is insufficient input validation in the mrxsmb.sys module, which implements the SMBv2/SMBv3 protocol in Windows operating systems. An attacker could exploit this vulnerability by sending a specially crafted packet, causing a denial of service in the SMB client.
Recommendations
For Windows 8.1 and RT 8.1, apply the necessary patches or updates to fix the issue.
For Windows Server 2012 R2, apply the necessary patches or updates to fix the issue.
As a temporary workaround, consider restricting access to the SMB client to minimize the risk of exploitation.
Exploit · Fix · DoS · RCE · NULL Pointer Dereference
Affected Products
Server Message Block
Windows
Windows 8.1
Windows RT 8.1
Windows Server 2012 R2