8.8 CVE-2019-0633

Enriched by CISA Used by Malware Patch
 

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0630.
https://nvd.nist.gov/vuln/detail/CVE-2019-0633

Categories

CWE-19

References

af854a3a-2127-422b-91ae-364da2661108 Patch

secure@microsoft.com Patch


 

AFFECTED (from MITRE)

Vendor Product Versions
Microsoft Windows Server
  • 2012 [affected]
  • 2012 (Core installation) [affected]
  • 2012 R2 [affected]
  • 2012 R2 (Core installation) [affected]
  • 2016 [affected]
  • 2016 (Core installation) [affected]
  • version 1709 (Core Installation) [affected]
  • version 1803 (Core Installation) [affected]
  • 2019 [affected]
  • 2019 (Core installation) [affected]
Microsoft Windows
  • 8.1 for 32-bit systems [affected]
  • 8.1 for x64-based systems [affected]
  • RT 8.1 [affected]
  • 10 for 32-bit Systems [affected]
  • 10 for x64-based Systems [affected]
  • 10 Version 1607 for 32-bit Systems [affected]
  • 10 Version 1607 for x64-based Systems [affected]
  • 10 Version 1703 for 32-bit Systems [affected]
  • 10 Version 1703 for x64-based Systems [affected]
  • 10 Version 1709 for 32-bit Systems [affected]
  • 10 Version 1709 for x64-based Systems [affected]
  • 10 Version 1803 for 32-bit Systems [affected]
  • 10 Version 1803 for x64-based Systems [affected]
  • 10 Version 1803 for ARM64-based Systems [affected]
  • 10 Version 1809 for 32-bit Systems [affected]
  • 10 Version 1809 for x64-based Systems [affected]
  • 10 Version 1809 for ARM64-based Systems [affected]
  • 10 Version 1709 for ARM64-based Systems [affected]
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

CPE

cpe start end
Configuration 1
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:itanium:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*

REMEDIATION

Patch

Url
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0633
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0633

EXPLOITS

Exploit-db.com

id description date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits

CAPEC

Common Attack Pattern Enumerations and Classifications

id description severity
No entry