Description

Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most systems, this attack requires authentication, except in the special case of Windows Domain Controllers, where unauthenticated users can always open named pipes as long as they can establish an SMB session. Typically, after the BSOD, the victim SMBv3 server will reboot.

Related CPE's

o

microsoft

windows_10

4

o

microsoft

windows_11

-

Vulnerable

o

microsoft

windows_server_2019

-

Vulnerable

References

https://github.com/zeroSteiner/metasploit-framework/blob/feat/mod/cve-2022-32230/modules/auxiliary/dos/smb/smb_filenormalizednameinformation.rb

ExploitThird Party Advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-32230

PatchVendor Advisory

https://support.microsoft.com/en-us/topic/may-10-2022-kb5013942-os-builds-19042-1706-19043-1706-and-19044-1706-60b51119-85be-4a34-9e21-8954f6749504

PatchVendor Advisory

https://www.rapid7.com/blog/post/2022/06/14/cve-2022-32230-windows-smb-denial-of-service-vulnerability-fixed/

ExploitThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-476

[email protected]

Secondary
CWE-476

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2022-06-14T22:15:10.450

3 years ago

Last modified

2022-06-23T19:28:34.777

3 years ago