Microsoft has issued an advisory for a critical* Remote Code Execution vulnerability related to Windows Network File System (NFS).
This vulnerability is currently awaiting analysis. This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).
Affected Systems
IoCs
-
Recommended Solution(s)
This vulnerability is not exploitable in NFSV2.0 or NFSV3.0. Until you have installed the Windows update that protects against this vulnerability, you can mitigate an attack by disabling NFSV4.1. This could adversely affect your ecosystem and should only be used as a temporary mitigation. It is highly recommended NOT to apply this mitigation unless the “May 2022 Windows security updates” have been installed. Those updates address CVE-2022-26937, which is a Critical vulnerability in NFSV2.0 and NFSV3.0.
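The temporary mitigation described above, sketched as an added PowerShell example for a Windows NFS server (it is not taken from the original advisory page). The KB identifier is a placeholder assumption that must be replaced with the May 2022 security update for your Windows Server build; the cmdlets come from the Windows NFS server PowerShell module.

```powershell
#Requires -RunAsAdministrator
# Added example: temporary NFSv4.1 mitigation for CVE-2022-30136.
# $May2022Kb is a PLACEHOLDER (assumption): set it to the May 2022 security
# update KB for this Windows Server build, as listed by Microsoft.
$May2022Kb = 'KB0000000'

# 1. Stop unless the May 2022 update (fix for CVE-2022-26937) is installed.
#    Disabling NFSv4.1 leaves clients on NFSv2/NFSv3, which that update protects.
#    A later cumulative update also contains that fix; adjust the check if needed.
if (-not (Get-HotFix -Id $May2022Kb -ErrorAction SilentlyContinue)) {
    Write-Error "$May2022Kb not found. Install the May 2022 security updates first."
    return
}

# 2. Record the current protocol state so the change can be reverted later.
$before = Get-NfsServerConfiguration
"Before: NFSv2=$($before.EnableNFSV2) NFSv3=$($before.EnableNFSV3) NFSv4=$($before.EnableNFSV4)"

# 3. Disable NFSv4.1, then restart the NFS server so the setting takes effect.
Set-NfsServerConfiguration -EnableNFSV4 $false
nfsadmin server stop
nfsadmin server start

# 4. Verify that NFSv4.1 is now off.
$after = Get-NfsServerConfiguration
if ($after.EnableNFSV4) {
    Write-Error 'NFSv4.1 is still enabled.'
} else {
    'NFSv4.1 disabled. Re-enable it once the fixing update is installed.'
}

# To revert after installing the update that fixes CVE-2022-30136:
#   Set-NfsServerConfiguration -EnableNFSV4 $true
#   nfsadmin server stop
#   nfsadmin server start
```

Clients that mount exclusively over NFSv4.1 will lose access while the mitigation is in place, so check the client inventory before running it.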
It is recommended to apply the mitigation steps listed in the link below:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30136
CVE / CWE
CVE-2022-30136
Related Website(s)
* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.