Ce mail provient de l'extérieur, restons vigilants ===================================================================== CERT-Renater Note d'Information No. 2024/VULN458 _____________________________________________________________________ DATE : 31/10/2024 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Qnap SMB Service versions prior to 4.15.002, h4.15.002. ===================================================================== https://www.qnap.com/fr-fr/security-advisory/qsa-24-42 _____________________________________________________________________ Security ID : QSA-24-42 Vulnerability in SMB Service (PWN2OWN 2024) Release date : October 30, 2024 CVE identifier : CVE-2024-50387 Affected products: SMB Service 4.15.x, SMB Service h4.15.x Severity Critical Status Resolved Summary A vulnerability has been reported to affect SMB Service. We have already fixed the vulnerability in the following versions: Affected Product Fixed Version SMB Service 4.15.x SMB Service 4.15.002 and later SMB Service h4.15.x SMB Service h4.15.002 and later Recommendation To fix the vulnerability, we recommend updating SMB Service to the latest version. Updating SMB Service Log on to QTS or QuTS hero as an administrator. Open App Center and then click . A search box appears. Type "SMB Service" and then press ENTER. SMB Service appears in the search results. Click Update. A confirmation message appears. Note: The Update button is not available if your SMB Service is already up to date. Click OK. The application is updated. Acknowledgements: Pwn2Own 2024 - YingMuo working with DEVCORE Internship Program Revision History: V1.0 (October 30, 2024) - Published ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================