Microsoft has released a security advisory for a remote code execution vulnerability recently discovered with SMBv3, the protocol commonly used within businesses for file sharing. To exploit an SMB server, an unauthenticated attacker only needs to send a specially crafted request. Exploiting a client is harder, as it would require the client to connect to an attacker-controlled server. So far, Microsoft has not detected any exploitation attempts with this vulnerability. Further information about the vulnerability has not yet been made available.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is