SMB: Microsoft Windows HTTP To SMB NTLM Reflection Privilege Escalation
This signature detects attempts to exploit a known vulnerability against Microsoft Windows. A successful attack can lead to elevation of privilege and arbitrary code execution.
Extended Description
A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'Microsoft Windows Security Feature Bypass Vulnerability'.
Affected Products
Microsoft windows_server_2016
Short Name
SMB:EXPLOIT:HTTP-SMB-REFL
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
SMB
Keywords
CVE-2019-1019 Escalation HTTP Microsoft NTLM Privilege Reflection SMB To Windows
Release Date
09/23/2019
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vmx-19.3
vsrx-19.2
srx-19.3
Sigpack Version
3415
False Positive
Unknown
Vendors
Microsoft
CVSS Score
6.0