Windows Network File System Remote Code Execution Vulnerabilities

Windows Network File System Remote Code Execution Vulnerabilities

Two high* level vulnerabilities related to Windows Network File System has just published.

Windows Network File System Remote Code Execution Vulnerabilities

The Remote Code Execution Vulnerabilities allow the attacker to get improper control of generation of code remotely on Windows Servers.

Affected Systems

  • Windows Server 2012 R2, Windows Server 2008 R2 x64, Windows Server 2016, Windows Server, version 20H2, Windows Server 2022, Windows Server 2019

IoC’s

-

Recommended Solution(s)

CVE-2022-22029 vulnerability is not exploitable in NFSV4.1. Prior to updating your version of Windows that protects against this vulnerability, you can mitigate an attack by disabling NFSV3. This may adversely affect your ecosystem and should only be used as a temporary mitigation.

The following PowerShell command will disable NFSV3:
Set-NfsServerConfiguration -EnableNFSV3 $false

Then reboot machine or restart NFS Server:
nfsadmin server stop
nfsadmin server start

It is highly recommended to install “Monthly Rollup” or “Security Only” releases listed below according to OS:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22029#securityUpdates

CVE / CWE

CVE-2022-22029
CVE-2022-22039

Related Website(s)

* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.