SMB: Microsoft Windows SMB Server SMBv2 Smb2UpdateLeaseFileName Remote Code Execution
This signature detects attempts to exploit a known vulnerability against Microsoft Windows SMB Server SMBv2 Smb2UpdateLeaseFileName. A successful attack can lead to arbitrary code execution.
Extended Description
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0633.
Affected Products
Microsoft windows_server_2016
Short Name
SMB:OF:MS-WINDOWS-RCE
Severity
Major
Recommended
True
Recommended Action
Drop
Category
SMB
Keywords
CVE-2019-0630 Code Execution Microsoft Remote SMB SMBv2 Server Smb2UpdateLeaseFileName Windows bid:106876
Release Date
06/03/2019
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Microsoft
CVSS Score
9.0