Skip to main content

Qlik

cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Balledaa
Contributor
‎2022-05-05 02:50 AM

Windows SMB Denial of Service Vulnerability

Our Administrator team has Discovered the use of Microsoft Server Message Block 1.0 (SMBv1) protocol on the server which is against security baseline and is deem as  non-compliance and poses a high risk of vulnerability. The vulnerability can allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability".

Their recommendation is to disable the protocol on the server to remediate the issue. 

Can anyone please help me to know more details about the impact this vulnerability can cause to QlikView systems and what actions should be taken.

 

Labels (2)
Labels
1,545 Views
0 Likes
1 Solution

Accepted Solutions
Albert_Candelario
Support
‎2022-05-05 03:26 PM

In response to Balledaa

Hello @Balledaa ,

In QlikSense SMB3 is tested and can be used as it is mentioned Persistence ‒ Qlik Sense for administrators.

SMB1 is a quite old protocol, do you have a test machine were your file server admin can disable SM, so you could check is not impacting your QlikView environment.

As per the information on CVE-2017-0280 - Security Update Guide - Microsoft - Windows SMB Denial of Service Vulnerability seems the topic is more related to the server itself and Microsoft itself delivered a fix back in 2017 May 9, 2017—KB4019472 (OS Build 14393.1198) (microsoft.com) so as long as your OS is updated should be fine.

I hope this helps.

Cheers,

Albert

Please, remember to mark the thread as solved once getting the correct answer

View solution in original post

1,515 Views
3 Replies
Maria_Halley
Support
‎2022-05-05 03:00 AM

@Balledaa

 

What product are you using? And what version. 

1,540 Views
0 Likes
Balledaa
Contributor
‎2022-05-05 04:04 AM
Author

In response to Maria_Halley

Hello Maria,

Balledaa_0-1651737835127.png

We are using the above two products.

1,517 Views
0 Likes
Albert_Candelario
Support
‎2022-05-05 03:26 PM

In response to Balledaa

Hello @Balledaa ,

In QlikSense SMB3 is tested and can be used as it is mentioned Persistence ‒ Qlik Sense for administrators.

SMB1 is a quite old protocol, do you have a test machine were your file server admin can disable SM, so you could check is not impacting your QlikView environment.

As per the information on CVE-2017-0280 - Security Update Guide - Microsoft - Windows SMB Denial of Service Vulnerability seems the topic is more related to the server itself and Microsoft itself delivered a fix back in 2017 May 9, 2017—KB4019472 (OS Build 14393.1198) (microsoft.com) so as long as your OS is updated should be fine.

I hope this helps.

Cheers,

Albert

Please, remember to mark the thread as solved once getting the correct answer
1,516 Views
li.common.scroll-to.top