Microsoft Windows Network File System Remote Code Execution Vulnerability

Microsoft Windows Network File System Remote Code Execution Vulnerability

A Windows Services for Network File System (NFS) ONCRPC XDR Driver Remote Code Execution with a CVSS 3.1 score of 9.8 was released by Microsoft.

Servers that have installed the NFS are exposed to this vulnerability in rpcxdr.sys. An attacker would require read or write permission to any file on an NFS share on the victim system. If NFS is configured to allow anonymous access, then the victim system would be vulnerable to unauthenticated attackers. Even though no exploits regarding this vulnerability has been discovered yet, due to its severity/criticality, it is highly recommended that the following patches are downloaded to ensure the safety of systems/assets.

Affected Systems

The servers/systems specified in the recommended solutions section are affected by this vulnerability.

IoC’s

-

Recommended Solution(s)

Organizations using the following products are recommended to download the patches in the table below.

CVE / CWE

CVE-2021-26432

Related Website(s)

• https://nvd.nist.gov/vuln/detail/CVE-2021-26432
• https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26432

* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.