APP: Microsoft Windows CredSSP MITM Code Execution

This signature detects attempts to exploit a known vulnerability in Microsoft Windows applications that depend on the CredSSP component for authentication. Successful exploitation would allow the attacker to execute arbitrary code in the context of the user.

Extended Description

The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 is affected by a remote code execution vulnerability due to how CredSSP validates requests during the authentication process, aka "CredSSP Remote Code Execution Vulnerability".

Affected Products

Microsoft windows_server_2016

References

BugTraq: 103265

CVE: CVE-2018-0886

Short Name: APP:MS-WIN-CREDSSP-MITM-CE

Severity: Major

Recommended: True

Recommended Action: Drop

Category: APP

Keywords: CVE-2018-0886 Code CredSSP Execution MITM Microsoft Windows bid:103265

Release Date: 04/03/2018

Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3590

Port: TCP/3389

False Positive: Unknown

Vendors

Microsoft

CVSS Score

7.6
