Remote Code Execution Vulnerability in Windows Network File System

Date
11-11-2020
Vulnerability Name Remote Code Execution Vulnerability in Windows Network File System
Severity Rating HIGH
Software Affected
  • Windows 10 Version 1607 for 32-bit Systems and x64-based Systems
  • Windows 10 Version 1809 for 32-bit Systems, x64-based Systems and ARM64-based Systems
  • Windows 10 Version 1903 for 32-bit Systems, x64-based Systems and ARM64-based Systems
  • Windows 10 Version 1909 for 32-bit Systems, x64-based Systems and ARM64-based Systems
  • Windows 10 Version 2004 for 32-bit Systems, x64-based Systems and ARM64-based Systems
  • Windows 10 Version 20H2 for 32-bit Systems, x64-based Systems and ARM64-based Systems
  • Windows 7 for 32-bit Systems SP1 and x64-based Systems SP1
  • Windows 8.1 for 32-bit systems and x64-based Systems SP1
  • Windows RT 8.1
  • Windows Server 2008 for 32-bit Systems SP2 and x64-based Systems SP1
  • Windows Server 2008 R2 for x64-based Systems SP1
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019
  • Windows Server 2008 for 32-bit Systems SP2 (Server Core installation)
  • Windows Server 2008 for x64-based Systems SP2 (Server Core installation)
  • Windows Server 2008 R2 for x64-based Systems SP1 (Server Core installation)
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012 R2 (Server Core installation)
  • Windows Server 2016 (Server Core installation)
  • Windows Server 2019 (Server Core installation)
  • Windows Server, version 1903 (Server Core installation)
  • Windows Server, version 1909 (Server Core installation)
  • Windows Server, version 2004 (Server Core installation)
  • Windows Server, version 20H2 (Server Core Installation)
CVE Name CVE-2020-17051

Overview
A vulnerability has been reported in Microsoft Windows Network File System (NFS) which could allow a remote attacker to execute arbitrary code on a targeted system.
Description
This vulnerability exists in Network File System (NFS) due to improper handling of objects in memory. A remote attacker could exploit this vulnerability by sending a specially crafted request to an affected system which could trigger a heap overflow. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the targeted system.


Solution
Apply appropriate patches as mentioned in Microsoft Security Guidance
https://portal.msrc.microsoft.com/en-us/security-guidance

Vendor Information
Microsoft
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17051
References
Threatpost
https://threatpost.com/microsoft-patch-tuesday-critical-bugs/161098/
Sophos
https://news.sophos.com/en-us/2020/11/10/november-patch-tuesday-fixes-close-112-holes-including-one-already-being-
exploited

McAfee
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/cve-2020-17051-remote-kernel-heap-overflow-in-nfsv3-windows-
server/

Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.

Note: Any unusual activity or attack should be reported immediately at incident@cert-in.org.in, cert.ksitm@kerala.gov.in with the relevant logs for analysis and taking further appropriate actions.

 
 
 
 
 

 

 

 

KSITM

Saankethika,
Vrindavan Gardens,Pattom.P.O,
Thiruvananthapuram - 695004
Tel: +91 471 2525444, 2525430
admin.ksitm@kerala.gov.in

e Office: 0471 2525441
UIDAI / Aadhaar: 0471 2525442
Akshaya: 0471 2525443

©2021 KSITM. All Rights Reserved.  Designed & Developed by C-DIT

Top