CVE-2022-34715 · Windows Network File System Remote Code Execution Vulnerability

How could an attacker exploit this vulnerability? This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).

What version of Network File System (NFS) is affected by this vulnerability? Servers that have Network File System version 4.0 (NFS 4.0) installed are affected by this vulnerability.

I am running a supported version of Windows Server. Is my system vulnerable to this issue? This vulnerability is only exploitable for systems that have the NFS role enabled. See NFS Overview for more information on this feature. More information on installing or uninstalling Roles or Role Services is available here.

Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation: Disable NFSV4.1 This vulnerability is not exploitable in NFSV2.0 or NFSV3.0. Prior to updating your version of Windows that protects against this vulnerability, you can mitigate an attack by disabling NFSV4.1. This could adversely affect your ecosystem and should only be used as a temporary mitigation. Warning You should NOT apply this mitigation unless you have installed all previous Windows security updates. To disable NFSV4.1, run the following PowerShell command: PS C:\Set-NfsServerConfiguration -EnableNFSV4 $false After running the command, you will need to restart the NFS server or reboot the machine. To restart NFS server, start a cmd window with Run as Administrator, enter the following commands: nfsadmin server stop nfsadmin server start To confirm that NFSv4.1 has been turned off, run the following command: PS C:\Get-NfsServerConfiguration In the output, verify that EnableNFSV4 is False EnableNFSV2 : True EnableNFSV3 : True Enable...