1. Summary of CVE-2022-32230

Vulnerability Name: Windows SMB Denial of Service Vulnerability (CVE-2022-32230)
Release Time: June 14, 2022
Component Name: Windows SMB Protocol
Affected Versions: Windows 10, Windows 11, Windows Server 2019 (for more details, see Section 3)
Vulnerability Type: Denial of Service
Exploit Condition: User Authentication: Not required. Precondition: Default configuration. Trigger Mode: Remote.
Description: Exploit Difficulty: Easy. Severity: High. Attackers can cause a denial of service. CVSS Score: 7.5

2. About the Vulnerability

2.1 Introduction

The Server Message Block (SMB) protocol is a network file sharing protocol that allows applications on a computer to read and write to files and to request services from server programs in a computer network.

2.2 Summary

On June 17, 2022, Sangfor FarSight Labs received a notice about a denial of service vulnerability (CVE-2022-32230) in the SMB protocol, classified as high with a CVSS score of 7.5.

Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most systems, this attack requires authentication, except in the special case of Windows Domain Controllers, where unauthenticated users can always open named pipes as long as they can establish an SMB session. Typically, after the BSOD, the victim SMBv3 server will reboot.

3. Affected Versions

Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)

4. Solutions

4.1 Remediation Solutions

4.1.1 Check the System Patch Installation

1) Run "systeminfo" in a CMD window and it will display a list of details about the system, including what patches are installed.


2) Check whether the patch corresponding to your OS is installed. Patches for affected OS versions are listed at the following link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-32230


3) If the patch is not installed, proceed to "4.1.2 Microsoft Solution" to download and install the patch. 
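The check in steps 1) to 3), scripted in PowerShell as an added example (not Microsoft's or Sangfor's code). The KB number and the minimum build revision are placeholders, since this page does not list them; take both from the MSRC entry for the host's OS version.

```powershell
# Added example: automates the patch check in 4.1.1.
# ASSUMPTION: both values below are placeholders. Fill them in from the MSRC
# advisory entry that matches this host's OS version.
$FixKbIds      = @('KB0000000')   # placeholder KB number(s) for this OS version
$MinPatchedUbr = 0                # placeholder: build revision (UBR) of that update

function Test-SmbFixInstalled {
    param(
        [string[]]$KbIds,
        [int]$MinUbr
    )
    # Get-HotFix reads the same inventory shown under "Hotfix(s)" in systeminfo.
    $installed = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
    $matched   = @($KbIds | Where-Object { $installed -contains $_ })

    # Cumulative updates supersede earlier ones, so a newer update can carry
    # the fix without the original KB being listed. Comparing the update build
    # revision (UBR) covers that case. The comparison is only meaningful for
    # the same OS build number the placeholder was taken from.
    $cv  = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $ubr = [int]$cv.UBR

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Build        = '{0}.{1}' -f $cv.CurrentBuildNumber, $ubr
        MatchedKb    = $matched -join ','
        KbListed     = $matched.Count -gt 0
        UbrAtOrAbove = ($MinUbr -gt 0) -and ($ubr -ge $MinUbr)
    }
}

$result = Test-SmbFixInstalled -KbIds $FixKbIds -MinUbr $MinPatchedUbr
$result | Format-List

if ($result.KbListed -or $result.UbrAtOrAbove) {
    'Patched: the fix KB is listed or the build revision is at or above the patched one.'
} else {
    'Not confirmed: install the update as described in 4.1.2.'
}
```

With the placeholders left unchanged the script always reports "Not confirmed", so it cannot give a false all-clear.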

4.1.2 Microsoft Solution

Microsoft has released a patch for affected OS versions to fix this vulnerability. Please download the patch corresponding to the affected OS from the following link:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-32230

Patching Method:

1) Open the above link and download the security update corresponding to the affected OS version.

2) Run the security update on the Windows system that needs to be patched.

4.2 Sangfor Solution

4.2.1 Security Monitoring

The following Sangfor products and services perform real-time monitoring of assets affected by the Windows SMB Denial of Service Vulnerability (CVE-2022-32230):

4.2.2 Security Protection

The following Sangfor products and services provide protection against the Windows SMB Denial of Service Vulnerability (CVE-2022-32230):

5. Timeline

On June 17, 2022, Sangfor FarSight Labs received a notice about the Windows SMB Denial of Service Vulnerability (CVE-2022-32230).

On June 17, 2022, Sangfor FarSight Labs released a vulnerability alert with remediation solutions.

6. Reference

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-32230

7. Learn More

Sangfor FarSight Labs researches the latest cyberthreats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyberthreats, providing fast and easy protection for customers.
