Ouch!
The zero-day has received a CVSS base severity score of 10 out of 10. The score means the issue is easy to weaponize by unskilled attackers and can be exploited remotely.
...
There's no fix for this issue, but Microsoft will release a patch with the next Patch Tuesday updates, on February 14. US-CERT recommends that sysadmins block "outbound SMB connections (TCP ports 139 and 445 along with UDP ports 137 and 138) from the local network to the WAN," which will block users from connecting to Internet-based SMB servers. This limits the zero-day's effect to rogue SMB servers hosted on the same network, a less likely exploitation scenario.
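
As an added example (not part of the original post or the quoted article), the following Python script audits flow log lines for connections that the recommended egress block should have stopped. The log line format, the use of the RFC 1918 ranges as the "local network", and the sample flows are assumptions constructed for illustration.

```python
import ipaddress

# Ports named in the US-CERT recommendation quoted above.
SMB_PORTS = {("tcp", 139), ("tcp", 445), ("udp", 137), ("udp", 138)}

# Assumption: "local network" means the RFC 1918 ranges; replace with your own prefixes.
LOCAL_NETS = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_local(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)

def parse_flow(line):
    """Parse 'proto src:sport -> dst:dport action' (constructed IPv4 log format)."""
    proto, src, _arrow, dst, action = line.split()
    src_ip, _sport = src.rsplit(":", 1)
    dst_ip, dport = dst.rsplit(":", 1)
    return proto.lower(), src_ip, dst_ip, int(dport), action.lower()

def outbound_smb_violations(lines):
    """Return allowed flows from a local source to a WAN destination on SMB/NetBIOS ports."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        proto, src_ip, dst_ip, dport, action = parse_flow(line)
        if ((proto, dport) in SMB_PORTS and is_local(src_ip)
                and not is_local(dst_ip) and action == "allow"):
            hits.append((proto, src_ip, dst_ip, dport))
    return hits

# Constructed sample flows; WAN hosts use documentation address ranges.
SAMPLE_FLOWS = """\
tcp 192.168.1.20:49712 -> 203.0.113.50:445 allow
tcp 192.168.1.20:49713 -> 192.168.1.5:445 allow
udp 10.0.4.7:137 -> 198.51.100.9:137 allow
tcp 10.0.4.7:50211 -> 203.0.113.50:443 allow
tcp 172.16.9.3:51000 -> 198.51.100.9:139 deny
udp 10.0.4.8:138 -> 10.0.4.255:138 allow
""".splitlines()

if __name__ == "__main__":
    for hit in outbound_smb_violations(SAMPLE_FLOWS):
        print("outbound SMB left the local network:", hit)
```

Internal SMB traffic and flows the firewall already denied are not reported, so any output indicates a gap in the egress rule.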