Microsoft Windows File Server Shadow Copy Agent Service (RVSS) Vulnerability

Microsoft Windows File Server Shadow Copy Agent Service (RVSS) Vulnerability

A vulnerability related to Microsoft File Server Shadow Copy Agent Service (RVSS) has just published.

In case of successful exploitation of this vulnerability causes an attacker could affect the integrity of the shadow copy because they could create or delete a shadow copy file of SMB shares.

Affected Systems

• Microsoft Windows Server (2022, 2019, 2016, 2012 R2, 2012)

IoC’s

-

Recommended Solution(s)

The one who have the File Server VSS Agent Service running on their Windows Servers must install the June 14, 2022 or later Windows updates on both the Application Server and the File Server, to become protected and functional. Failure to install the updates on both machine roles could cause backup operations carried out by applications that previously worked to fail.

It is recommended to check up on the content in the links below:

CVE / CWE

CVE-2022-30154

Related Website(s)

• https://nvd.nist.gov/vuln/detail/CVE-2022-30154
• https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30154
• https://support.microsoft.com/help/5015527

* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.