QID 91924
Date Published: 2022-07-13
QID 91924: Microsoft Windows Network File System (NFS) Security Update for July 2022
Microsoft Windows Network File System is vulnerable to Information Disclosure Vulnerability (CVE-2022-22028) and Remote Code Execution Vulnerability (CVE-2022-22039).
The KB Articles associated with the update are:
KB5015874
KB5015877
KB5015863
KB5015875
KB5015861
KB5015862
KB5015866
KB5015870
KB5015808
KB5015807
KB5015827
KB5015811
QID Detection Logic (Authenticated):
This QID checks for the file version of nfssvr.sys.
This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).
Solution
Please refer to the CVE-2022-22028 and CVE-2022-22039 for more information pertaining to these vulnerabilities.
Vendor References
- CVE-2022-22028 -
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22028 - CVE-2022-22039 -
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22039
CVEs related to QID 91924
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| KB5015807 |
support.microsoft.com/en-in/help/5015807 |
||
| KB5015808 |
support.microsoft.com/en-in/help/5015808 |
||
| KB5015811 |
support.microsoft.com/en-in/help/5015811 |
||
| KB5015827 |
support.microsoft.com/en-in/help/5015827 |
||
| KB5015861 |
support.microsoft.com/en-in/help/5015861 |
||
| KB5015862 |
support.microsoft.com/en-in/help/5015862 |
||
| KB5015863 |
support.microsoft.com/en-in/help/5015863 |
||
| KB5015866 |
support.microsoft.com/en-in/help/5015866 |
||
| KB5015870 |
support.microsoft.com/en-in/help/5015870 |
||
| KB5015874 |
support.microsoft.com/en-in/help/5015874 |
||
| KB5015875 |
support.microsoft.com/en-in/help/5015875 |
||
| KB5015877 |
support.microsoft.com/en-in/help/5015877 |