CVE-2023-24941

Меры по смягчению последствий

Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:

This vulnerability is not exploitable in NFSV2.0 or NFSV3.0. Prior to updating your version of Windows that protects against this vulnerability, you can mitigate an attack by disabling NFSV4.1. This could adversely affect your ecosystem and should only be used as a temporary mitigation.

Warning You should NOT apply this mitigation unless you have installed the May 2022 Windows security updates. Those updates address CVE-2022-26937 which is a Critical vulnerability in NFSV2.0 and NFSV3.0.

The following PowerShell command will disable those versions:

PS C:\Set-NfsServerConfiguration -EnableNFSV4 $false

After running the command, you will need to restart NFS server or reboot the machine.

To restart NFS server, start a cmd window with Run as Administrator, enter the following commands:

• nfsadmin server stop
• nfsadmin server start

To confirm that NFSv4.1 has been turned off, run the following command in a Powershell window:

PS C:\Get-NfsServerConfiguration

Here is the sample output. Notice the EnableNFSv4.1 is "False" now:

To re-enable NFSv4.1 after you have installed the security update, enter the following command:

Set-NfsServerConfiguration -EnableNFSV4 $True

Again, after running the command you will need to restart NFS server or reboot the machine.

FAQ

How could an attacker exploit this vulnerability?

This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).