CVE-2022-30154

FAQ

I am running a supported version of Windows Server. Is my system vulnerable to this issue?

Systems running Windows Server that have the optional component File Server VSS Agent Service installed are vulnerable to this exploit. By default, systems running Windows Server are not vulnerable. In addition, Windows Client editions are not vulnerable to this exploit.

Are there any more actions I need to take to be protected from this vulnerability?

Yes. Customers who have the File Server VSS Agent Service running on their Windows Servers must install the June 14, 2022 or later Windows updates on both the Application Server and the File Server, to become protected and functional. Failure to install the updates on both machine roles could cause backup operations carried out by applications that previously worked to fail. For more information, see https://support.microsoft.com/help/5015527.

According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N), major loss of integrity (I:H) but have no effect on availability (A:N). How could an attacker impact the File Server Shadow Copy Agent Service?

An attacker who successfully exploited this vulnerability could affect the integrity of the shadow copy because they could create or delete a shadow copy file of SMB shares. Note, however, that an attacker cannot stop the RVSS service or access the content of the shadow copy.

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.