MS.Windows.NFS.CVE-2022-30136.Remote.Code.Execution
Description
This indicates an attempt to exploit a Remote Code Execution vulnerability in Microsoft Windows.
The vulnerability is due to improper handling of NFSv4 requests. A remote attacker can exploit it by sending malicious RPC calls to a target server. Successful exploitation may result in arbitrary code execution in the context of SYSTEM. Unsuccessful exploitation results in a crash of the target system.
Affected Products
Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Microsoft Windows Server 2008 R2 Service Pack 1
Microsoft Windows Server 2008 R2 Service Pack 1 (Server Core Installation)
Microsoft Windows Server 2008 Service Pack 2
Microsoft Windows Server 2008 Service Pack 2 (Server Core Installation)
Microsoft Windows Server 2012
Microsoft Windows Server 2012 (Server Core installation)
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2012 R2 (Server Core installation)
Microsoft Windows Server 2016
Microsoft Windows Server 2016 (Server Core installation)
Microsoft Windows Server 2019
Microsoft Windows Server 2019 (Server Core installation)
Microsoft Windows Server 2022
Microsoft Windows Server version 20H2 (Server Core Installation)
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30136
Coverage
IPS (Regular DB)
IPS (Extended DB)