漏洞类别:Windows
漏洞等级: 
漏洞信息
ERRATICGOPHER is an exploit from the recent Shadow Brokers leak. This zero day exploit is remotely exploitable on systems running SMBv1.
This information comes from the Shadow Brokers' "Equation Group" data dump.
This Zero Day is actively being exploited with the "ERRATICGOPHER" exploit.
Affected Microsoft Operating Systems:
Windows XP
Windows 2003
QID Detection Logic:
This QID looks for SMBv1 registry keys "HKLM\SYSTEM\CurrentControlSet\Services\mrxsmb" and is posted if these keys are found on the following operating systems:
Windows 2003
Windows XP
漏洞危害
The tool "ERRATICGOPHER" is being actively used to exploit SMBv1.
Successful exploitation allows an unauthenticated, remote attacker to execute arbitrary code on a targeted server.
解决方案
There are no vendor supplied patches.
Microsoft recommends users to update to latest SMB version and stop using SMBv1.
Please refer to the Microsoft KB article KB2696547 for more details.
The following affected operating systems are End of Life and Microsoft provides no support:
Windows XP - End of life since April 8, 2014
Windows 2003 - End of life since July 14, 2015
Workaround:
Blocking SMB traffic at the Firewall can reduce the attack vector.
Refer to KB3185535 for more information.
0day
文章评论