Two high* level vulnerabilities related to Windows Network File System has just published.
The Remote Code Execution Vulnerabilities allow the attacker to get improper control of generation of code remotely on Windows Servers.
Affected Systems
IoC’s
-
Recommended Solution(s)
CVE-2022-22029 vulnerability is not exploitable in NFSV4.1. Prior to updating your version of Windows that protects against this vulnerability, you can mitigate an attack by disabling NFSV3. This may adversely affect your ecosystem and should only be used as a temporary mitigation.
The following PowerShell command will disable NFSV3:
Set-NfsServerConfiguration -EnableNFSV3 $false
Then reboot machine or restart NFS Server:
nfsadmin server stop
nfsadmin server start
It is highly recommended to install “Monthly Rollup” or “Security Only” releases listed below according to OS:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22029#securityUpdates
CVE / CWE
CVE-2022-22029
CVE-2022-22039
Related Website(s)
* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.
+90 216 504 53 32
Aydınevler Mahallesi,İsmet İnönü Cadddesi,Küçükyalı Ofis Park A Blok,No:20/1 Maltepe İstanbul
+90 312 235 44 51
You can register to our newsletter on the home page to be instantly informed about security vulnerabilities.