Description Preview
CVE-2019-0703 describes an information disclosure vulnerability in the Windows SMB Server’s handling of certain requests. If exploited remotely over a network, an attacker could access sensitive information from memory or data processed by the SMB service, depending on the server’s configuration. The CVSS v3.1 base score is 6.5 (Network attack vector, low privileges required, no user interaction, high confidentiality impact; no impact to integrity or availability). Affected products include a range of Windows client and Windows Server versions listed in the advisory, spanning editions from Windows 7 SP1 through Windows 10 versions up to 1809 and corresponding Windows Server releases.
Overview
CVE-2019-0703, known as the Windows SMB Information Disclosure Vulnerability, is an information disclosure flaw in the Windows SMB Server that can be triggered over the network by certain SMB requests. If exploited, it could leak sensitive information from affected Windows clients and servers. The vulnerability has a CVSS v3.1 base score of 6.5, with a network attack vector, low privileges required, no user interaction, high confidentiality impact, and no impact on integrity or availability.
Remediation
- Apply Microsoft-supplied security updates for CVE-2019-0703 to all affected Windows and Windows Server editions via Windows Update, WSUS, or your standard deployment tooling.
- If immediate patching isn’t possible, mitigate exposure by restricting SMB exposure:
- Block inbound SMB traffic (TCP ports 445 and 139) from untrusted networks and limit SMB access to trusted segments.
- Disable SMBv1 on all systems where it is not required, and ensure SMBv2/SMB3 are enabled and properly configured.
- If the SMB Server role is not needed, disable the Windows SMB Server/File and Printer Sharing features to reduce attack surface.
- Enforce network segmentation and strong firewall rules around SMB traffic; enable SMB signing and, where supported, encryption.
- Verify patch deployment with asset and vulnerability management tools and conduct post-patch validation.
- Monitor logs and security alerts for signs of exploitation and consult relevant advisories (e.g., CISA KEV) for indicators of compromise.
References
- Microsoft MSRC advisory CVE-2019-0703: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0703
- CISA Known Exploited Vulnerabilities Catalog – CVE-2019-0703: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-0703
- MITRE CVE entry for CVE-2019-0703: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0703
Early Warning
Customers using Armis Early Warning were notified about this vulnerability before it appeared in CISA's Known Exploited Vulnerabilities Catalog, enabling them to assess their exposure and act proactively. Armis offers these examples of CVEs already included in CISA KEV for potential customers. Click here to learn how to receive alerts earlier.
- Armis Alert Date
- Mar 13, 2019
- CISA KEV Date
- May 23, 2022
1167days early
Industry ExposureMost to leastThis section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
- ManufacturingManufacturing: Medium
- Health Care & Social AssistanceHealth Care & Social Assistance: Medium
- Public AdministrationPublic Administration: Medium
- Transportation & WarehousingTransportation & Warehousing: Medium
- Educational ServicesEducational Services: Medium
- Finance and InsuranceFinance and Insurance: Medium
- Retail TradeRetail Trade: Medium
- Professional, Scientific, & Technical ServicesProfessional, Scientific, & Technical Services: Low
- Arts, Entertainment & RecreationArts, Entertainment & Recreation: Low
- Other Services (except Public Administration)Other Services (except Public Administration): Low
- UtilitiesUtilities: Low
- InformationInformation: Low
- Management of Companies & EnterprisesManagement of Companies & Enterprises: Low
- Accommodation & Food ServicesAccommodation & Food Services: Low
- MiningMining: Low
- Agriculture, Forestry Fishing & HuntingAgriculture, Forestry Fishing & Hunting: Low
- Real Estate Rental & LeasingReal Estate Rental & Leasing: Low
- Administrative, Support, Waste Management & Remediation ServicesAdministrative, Support, Waste Management & Remediation Services: Low
- ConstructionConstruction: Low
- Wholesale TradeWholesale Trade: Low
