CVE-2022-24500

Меры по смягчению последствий

Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation:

1. Block TCP port 445 at the enterprise perimeter firewall

TCP port 445 is used to initiate a connection with the affected component. Blocking this port at the network perimeter firewall will help protect systems that are behind that firewall from attempts to exploit this vulnerability. This can help protect networks from attacks that originate outside the enterprise perimeter. Blocking the affected ports at the enterprise perimeter is the best defense to help avoid Internet-based attacks. However, systems could still be vulnerable to attacks from within their enterprise perimeter.

2. Follow Microsoft guidelines to secure SMB traffic

Secure SMB Traffic in Windows Server.

FAQ

How could an attacker exploit the vulnerability?

For vulnerability to be exploited, a user would need to access a malicious SMB server to retrieve some data as part of an OS API call.

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.