Security ID : QSA-24-42
Vulnerability in SMB Service (PWN2OWN 2024)
Release date : October 30, 2024
CVE identifier : CVE-2024-50387
Affected products: SMB Service 4.15.x, SMB Service h4.15.x
Severity
Critical
Status
Resolved
Summary
A vulnerability has been reported to affect SMB Service.
We have already fixed the vulnerability in the following versions:
| Affected Product | Fixed Version |
| SMB Service 4.15.x | SMB Service 4.15.002 and later |
| SMB Service h4.15.x | SMB Service h4.15.002 and later |
Recommendation
To fix the vulnerability, we recommend updating SMB Service to the latest version.
Updating SMB Service
- Log on to QTS or QuTS hero as an administrator.
- Open App Center and then click
.
A search box appears. - Type "SMB Service" and then press ENTER.
SMB Service appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if your SMB Service is already up to date. - Click OK.
The system downloads the latest version. - Open SMB Service.
An update notice appears. - Read the notice carefully.
- Select I acknowledge and accept the terms and conditions associated with updating the SMB Service.
- Click Update.
The system updates the application.
Attachment
Acknowledgements: Pwn2Own 2024 - YingMuo working with DEVCORE Internship Program
Revision History:
V1.0 (October 30, 2024) - Published
