Samba 445 / EsteemAudit
By Mark Perry on June 1, 2017
SambaCry
According to sources, a new vulnerability, CVE-2017-7494, has been found for Linux machines running Samba 3.5.0 or newer. Samba provides SMB and CIFS services for Linux systems and is quite prevalent in corporations as well as on personal systems. This vulnerability allows an attacker who sends a specially crafted packet to port 445, and who has access to a writable share, to inject a file and potentially execute it on the exploited system. To see this vulnerability exploited on your own machine, there is a Metasploit module found here and a Nessus plugin found here.
Samba has already released a patch and has also indicated a workaround: edit the smb.conf file so that it contains the line nt pipe support = no, then restart the smbd server. Distributors of the various flavors of Linux have also released and pushed patches. As a good practice, adding a firewall rule to disallow Samba network traffic from Internet-facing systems is another way to mitigate this vulnerability.
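To confirm that the workaround is actually in effect, the following added example (not part of the original post or of Samba itself) parses smb.conf text and reports whether nt pipe support is set to a false value in the [global] section. The sample configurations and the function names are constructed for illustration.

```python
import re

# Constructed sample configs (not taken from a real host).
MITIGATED = "[Global]\n  workgroup = LAB\n  NT Pipe Support = No\n[data]\n  writable = yes\n"
COMMENTED = "[global]\n  ; nt pipe support = no\n[data]\n  writable = yes\n"
WRONG_SECTION = "[global]\n  workgroup = LAB\n[data]\n  nt pipe support = no\n"

# Boolean "false" spellings listed in the smb.conf man page.
FALSE_VALUES = {"no", "false", "0"}

def _norm(name):
    # smb.conf ignores case and whitespace in section and parameter names.
    return re.sub(r"\s+", "", name).lower()

def global_params(conf_text):
    """Return {normalised name: value} for parameters set in [global]."""
    params, section, pending = {}, None, ""
    for raw in conf_text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        if line.endswith("\\"):
            pending = line[:-1]           # backslash continues the line
            continue
        if line.startswith("[") and line.endswith("]"):
            section = _norm(line[1:-1])
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)   # only the first '=' counts
            params[_norm(key)] = value.strip()
    return params

def workaround_applied(conf_text):
    """True only if [global] explicitly sets 'nt pipe support' to false."""
    value = global_params(conf_text).get("ntpipesupport")
    # The parameter defaults to yes, so a missing line means no workaround.
    return value is not None and value.lower() in FALSE_VALUES

if __name__ == "__main__":
    for name, conf in [("mitigated", MITIGATED), ("commented", COMMENTED),
                       ("wrong section", WRONG_SECTION)]:
        print(name, "->", workaround_applied(conf))
```

Included files are not followed by this check; running it on the output of testparm -s covers the effective configuration.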
EsteemAudit
Another unpatched vulnerability, CVE-2017-9073, was discovered. This vulnerability affects only the RDP service of Windows XP and Windows Server 2003. It lies within gpkcsp.dll, which makes an unbounded call in gpkcsp!MyCPAcquiredContext, allowing a buffer overflow to occur. No patch will be released for this vulnerability, as Microsoft no longer offers LTS for these operating systems. That said, many companies and users continue to use these unsupported operating systems. Currently there are no Metasploit modules or Nessus plugins to scan for it. An outside source, BlackMathIT, has dropped a self-written module here.
An outside vendor, EnSilo, has released its own version of the patch, which can be downloaded here. However, use it at your own risk, as this patch has not been verified by UHWO and is not endorsed. The best practice is to update to a current Windows operating system that is supported.