QID 92016

Date Published: 2023-05-10

QID 92016: Microsoft Windows Network File System (NFS) Remote Code Execution (RCE) Vulnerability for May 2023

Microsoft Windows Network File System is vulnerable to Remote Code Execution Vulnerability.

Operating Systems: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 and Windows Server 2022

This vulnerability is not exploitable in NFSV2.0 or NFSV3.0

The KB Articles associated with the update are:
KB5026415
KB5026409
KB5026419
KB5026411
KB5026363
KB5026370
KB5026362

QID Detection Logic (Authenticated):

This QID checks for the file version of nfssvr.sys and checks if the mitigations have been applied.

This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).

  • CVSS V3 rated as Critical - 9.8 severity.
  • CVSS V2 rated as High - 7.5 severity.
    • Solution
    Please refer to the CVE-2023-24941 for more information pertaining to the vulnerability.

    Workaround:
    The following PowerShell command will disable the affected NFS server versions:
    PS C:\Set-NfsServerConfiguration -EnableNFSV4 $false

    Vendor References

    CVEs related to QID 92016

    CVE-2023-24941 |
    Software Advisories
    Advisory ID Software Component Link
    KB5026362 URL Logo support.microsoft.com/en-in/help/5026362
    KB5026363 URL Logo support.microsoft.com/en-in/help/5026363
    KB5026370 URL Logo support.microsoft.com/en-in/help/5026370
    KB5026409 URL Logo support.microsoft.com/en-in/help/5026409
    KB5026411 URL Logo support.microsoft.com/en-in/help/5026411
    KB5026415 URL Logo support.microsoft.com/en-in/help/5026415
    KB5026419 URL Logo support.microsoft.com/en-in/help/5026419
    By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].