Microsoft has released a security advisory for a remote code execution vulnerability recently discovered with SMBv3, the protocol commonly used within businesses for file sharing. To exploit an SMB server, an unauthenticated attacker only needs to send a specially crafted request. Exploiting a client is harder, as it would require the client to connect to an attacker-controlled server. So far, Microsoft has not detected any exploitation attempts with this vulnerability. Further information about the vulnerability has not yet been made available.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased