Wednesday, April 7, 2021

Status of Submitted Vulnerabilities To MSRC

This list is intended to give vague information about submitted bugs, but important information about communication process and timeline.

Bug Title: Microsoft SMBv1 Disabled Bypass

  • Affected software: Microsoft Servers 2019, 2016, 2012.
  • Type:Protocol Implementation Issue.
  • Submitted: 07/04/2021
  • Coordinated disclosure agreement expiration: 07/07/2021.
  • Notes and updates:

    -Complete detail was sent on 07/04/2021, ACK by MSRC on 08/04/2021.

    - MSRC ask for PoC

    - PoC sent with extra details.

    - MSRC ask to extend deadline to 13/07/2021 instead of 07/07/2021 since their July release is the 13th.

    - Agreed to MSRC's request and offer to provide more details if needed.

    - Requested update to MSRC on 16/04/2021

    - MSRC responded the 19/04/2021 and asked what is the security issue with having NetBIOS enabled by default.

    - A complete description on why it is a security concern was sent the same day.

    -  on 21/04/2021 a status update was requested.

  • *Check for more updates*.