1. Summary of CVE-2022-32230
Vulnerability Name | Windows SMB Denial of Service Vulnerability (CVE-2022-32230) |
---|---|
Release Time | June 14, 2022 |
Component Name | Windows SMB Protocol |
Affected Versions | Windows 10 Windows 11 Windows Server 2019 (For more details, see Section 3) |
Vulnerability Type | Denial of Service |
Exploit Condition | User Authentication: Not required. Precondition: Default configuration. Trigger Mode: Remote |
Description | Exploit Difficulty: Easy Severity: High. Attackers can cause a denial of service. CVSS Score: 7.5 |
2.About the Vulnerability
2.1 Introduction
The Server Message Block (SMB) protocol is a network file sharing protocol that allows applications on a computer to read and write to files and to request services from server programs in a computer network.
2.2 Summary
On June 17, 2022, Sangfor FarSight Labs received a notice about a denial of service vulnerability (CVE-2022-32230) in the SMB protocol, classified as high with a CVSS score of 7.5.
Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most systems, this attack requires authentication, except in the special case of Windows Domain Controllers, where unauthenticated users can always open named pipes as long as they can establish an SMB session. Typically, after the BSOD, the victim SMBv3 server will reboot.
3.Affected Versions
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
4.Solutions
4.1 Remediation Solutions
4.1.1 Check the System Patch Installation
1) Run "systeminfo" in a CMD window and it will display a list of details about the system, including what patches are installed.
2) Check if the patch corresponding to your OS is installed. Patches for affected OS versions can be found in the link below: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-32230
3) If the patch is not installed, proceed to "4.1.2 Microsoft Solution" to download and install the patch.
4.1.2 Microsoft Solution
Microsoft has released a patch for affected OS versions to fix this vulnerability. Please download the patch corresponding to the affected OS from the following link:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-32230
Patching Method:
1) Open the above link and download the security update corresponding to the affected OS version.
2) Run the security update on the Windows system that needs to be patched.
4.2 Sangfor Solution
4.2.1 Security Monitoring
The following Sangfor products and services perform real-time monitoring of assets affected by the Windows SMB Denial of Service Vulnerability (CVE-2022-32230):
- Sangfor Cyber Command
- Sangfor Cyber Guardian Detection and Response Service
4.2.2 Security Protection
The following Sangfor products and services provide protection against the Windows SMB Denial of Service Vulnerability (CVE-2022-32230):
- Sangfor Next Generation Application Firewall (NGAF)
- Sangfor Cyber Guardian Detection and Response Service
5.Timeline
On June 17, 2022, Sangfor FarSight Labs received a notice about the Windows SMB Denial of Service Vulnerability (CVE-2022-32230).
On June 17, 2022, Sangfor FarSight Labs released a vulnerability alert with remediation solutions.
6.Reference
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-32230
7.Learn More
Sangfor FarSight Labs researches the latest cyberthreats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyberthreats, providing fast and easy protection for customers.