CVE-2022-22029 · Windows Network File System Remote Code Execution Vulnerability

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.

How could an attacker exploit this vulnerability? This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).

Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation: This vulnerability is not exploitable in NFSV4.1. Prior to updating your version of Windows that protects against this vulnerability, you can mitigate an attack by disabling NFSV3. This may adversely affect your ecosystem and should only be used as a temporary mitigation. The following PowerShell command will disable NFSV3: Set-NfsServerConfiguration -EnableNFSV3 $false After this, you will need to restart NFS server or reboot the machine. To restart NFS server, start a cmd window with Run as Administrator, enter the following commands: nfsadmin server stop nfsadmin server start To confirm that NFSv3 has been turned off, run the following command in a PowerShell window: PS C:\Get-NfsServerConfiguration Here is the sample output, and notice the EnableNFSv3 is "False" now: State : Running LogActivity : CharacterTranslationFile : Not Configured DirectoryCacheSize (KB) : 128 HideFilesBeginningInDot : Disabled EnableNFSV2 : False Enabl...