SMB: Microsoft Windows DCERPC Bind Auth Level Packet Privacy Privilege Elevation

This signature detects attempts to exploit a known vulnerability in Microsoft Windows. A successful attack can lead to elevation of privilege and arbitrary code execution.

Extended Description

The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 do not properly establish an RPC channel, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "Windows SAM and LSAD Downgrade Vulnerability" or "BADLOCK."

Affected Products

Microsoft windows_rt_8.1

References

CVE: CVE-2016-0128

Short Name: SMB:MS-CVE-2016-0128-PE
Severity: Minor
Recommended: False
Recommended Action: None
Category: SMB
Keywords: Auth Bind CVE-2016-0128 DCERPC Elevation Level Microsoft Packet Privacy Privilege Windows
Release Date: 06/18/2020
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3590
False Positive: Unknown
Vendors

Microsoft

CVSS Score

5.8
