MS.Windows.NFS.CVE-2022-30136.Remote.Code.Execution

Description

This indicates an attack attempt to exploit a Remote Code Execution Vulnerability in Microsoft Windows.
The vulnerability is due to improper handling of NFSv4 requests. A remote attacker can exploit this vulnerability by sending malicious RPC calls to a target server. Successful exploitation may result in arbitrary code execution under the context of SYSTEM. Unsuccessful exploitation results in a crash of the target system.

Affected Products

Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Microsoft Windows Server 2008 R2 Service Pack 1
Microsoft Windows Server 2008 R2 Service Pack 1 (Server Core Installation)
Microsoft Windows Server 2008 Service Pack 2
Microsoft Windows Server 2008 Service Pack 2 (Server Core Installation)
Microsoft Windows Server 2012
Microsoft Windows Server 2012 (Server Core installation)
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2012 R2 (Server Core installation)
Microsoft Windows Server 2016
Microsoft Windows Server 2016 (Server Core installation)
Microsoft Windows Server 2019
Microsoft Windows Server 2019 (Server Core installation)
Microsoft Windows Server 2022
Microsoft Windows Server version 20H2 (Server Core Installation)

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30136

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date        Version  Detail
2022-07-26  21.363   Default_action:pass:drop
2022-07-12  21.354