Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Balledaa
Contributor
Contributor
‎2022-05-05 02:50 AM

Windows SMB Denial of Service Vulnerability

Our Administrator team has Discovered the use of Microsoft Server Message Block 1.0 (SMBv1) protocol on the server which is against security baseline and is deem as  non-compliance and poses a high risk of vulnerability. The vulnerability can allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability".

Their recommendation is to disable the protocol on the server to remediate the issue. 

Can anyone please help me to know more details about the impact this vulnerability can cause to QlikView systems and what actions should be taken.

 

Labels (1)
Labels
880 Views
0 Likes
1 Solution

Accepted Solutions
Albert_Candelario
Support
Support
‎2022-05-05 03:26 PM

In response to Balledaa

Hello @Balledaa ,

In QlikSense SMB3 is tested and can be used as it is mentioned Persistence ‒ Qlik Sense for administrators.

SMB1 is a quite old protocol, do you have a test machine were your file server admin can disable SM, so you could check is not impacting your QlikView environment.

As per the information on CVE-2017-0280 - Security Update Guide - Microsoft - Windows SMB Denial of Service Vulnerability seems the topic is more related to the server itself and Microsoft itself delivered a fix back in 2017 May 9, 2017—KB4019472 (OS Build 14393.1198) (microsoft.com) so as long as your OS is updated should be fine.

I hope this helps.

Cheers,

Albert

Please, remember to mark the thread as solved once getting the correct answer

View solution in original post

850 Views
3 Replies
Maria_Halley
Support
Support
‎2022-05-05 03:00 AM

@Balledaa

 

What product are you using? And what version. 

875 Views
0 Likes
Balledaa
Contributor
Contributor
‎2022-05-05 04:04 AM
Author

In response to Maria_Halley

Hello Maria,

Balledaa_0-1651737835127.png

We are using the above two products.

852 Views
0 Likes
Albert_Candelario
Support
Support
‎2022-05-05 03:26 PM

In response to Balledaa

Hello @Balledaa ,

In QlikSense SMB3 is tested and can be used as it is mentioned Persistence ‒ Qlik Sense for administrators.

SMB1 is a quite old protocol, do you have a test machine were your file server admin can disable SM, so you could check is not impacting your QlikView environment.

As per the information on CVE-2017-0280 - Security Update Guide - Microsoft - Windows SMB Denial of Service Vulnerability seems the topic is more related to the server itself and Microsoft itself delivered a fix back in 2017 May 9, 2017—KB4019472 (OS Build 14393.1198) (microsoft.com) so as long as your OS is updated should be fine.

I hope this helps.

Cheers,

Albert

Please, remember to mark the thread as solved once getting the correct answer
851 Views