CVE-2020-17051
published 2020-11-11CVE-2020-17051: Windows Network File System Remote Code Execution Vulnerability
PriorityP264critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
9.86%
95.0th percentile
Windows Network File System Remote Code Execution Vulnerability
Affected
26 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.0.0 < publication | publication |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.1.0 < publication | publication |
| microsoft | windows_server_2008_service_pack_2 | >= 6.0.0 < publication | publication |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012 | >= 6.2.0 < publication | publication |
| microsoft | windows_server_2012_r2 | >= 6.3.0 < publication | publication |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | >= 10.0.0 < publication | publication |
| microsoft | windows_server_2019 | >= 10.0.0 < publication | publication |
| microsoft | windows_server_version_2004 | >= 10.0.0 < publication | publication |
| microsoft | windows_server_version_20h2 | >= 10.0.0 < publication | publication |
| msrc | windows_server_2008_for_32-bit_systems_service_pack_2 | — | — |
| msrc | windows_server_2008_for_x64-based_systems_service_pack_2 | — | — |
| msrc | windows_server_2008_r2_for_x64-based_systems_service_pack_1 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
| msrc | windows_server_2019 | — | — |
| msrc | windows_server_version_1903 | — | — |
| msrc | windows_server_version_1909 | — | — |
| msrc | windows_server_version_2004 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
snort↗
SIDs 56161-56264, 56230, 56231, 56254, 56255, 56286-56289, 56295, 56296, 56309, 56301-56305, 56310, 56312
- →CVE-2020-17051 is exploitable via a network-based write to an NFS share, resulting in kernel-level remote code execution — monitor for anomalous write operations to exposed NFS shares from untrusted network sources. ↗
- →The vulnerability is wormable between Windows hosts exposing writable NFS shares — treat lateral movement via NFS write access as a high-priority detection signal. ↗
- →Scope detection to Windows NFS Server roles only; client-side machines are not affected. ↗
- →No user interaction or credential theft is required to exploit this vulnerability — any unauthenticated or low-privilege network access to a writable NFS share is sufficient for exploitation. ↗
- →Treat CVE-2020-17051 as wormable given its CVSS 9.8 score, no-user-interaction requirement, low attack complexity, and NFS being a network service. ↗
- ·Talos Snort rule SIDs cover multiple November 2020 Patch Tuesday CVEs, not exclusively CVE-2020-17051 — validate which SIDs specifically target NFS exploitation before deploying. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_msrc9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-wpvf-5wxj-5643: Windows Network File System Remote Code Execution Vulnerability
ghsa_unreviewed·2022-05-24
CVE-2020-17051 [CRITICAL] GHSA-wpvf-5wxj-5643: Windows Network File System Remote Code Execution Vulnerability
Windows Network File System Remote Code Execution Vulnerability
Microsoft
Windows Network File System Remote Code Execution Vulnerability
vendor_msrc·2020-11-10·CVSS 9.8
CVE-2020-17051 [CRITICAL] Windows Network File System Remote Code Execution Vulnerability
Windows Network File System Remote Code Execution Vulnerability
FAQ: What is the attack vector for this vulnerability?
In a network-based attack an attacker with write access to an NFS share could execute code remotely within the kernel.
Is this CVE wormable?
This CVE is wormable between machines hosting writable NFS shares.
Where should the customer be applying the update?
The vulnerability only exists in Windows NFS Servers.
Microsoft Windows: Microsoft Windows
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4586781
Referen
No detection rules found.
No public exploits indexed.
Krebs
Patch Tuesday, November 2020 Edition
blogs_krebs·2020-11-11·CVSS 9.6
[CRITICAL] Patch Tuesday, November 2020 Edition
Adobe and Microsoft each issued a bevy of updates today to plug critical security holes in their software. Microsoft’s release includes fixes for 112 separate flaws, including one zero-day vulnerability that is already being exploited to attack Windows users. Microsoft also is taking flak for changing its security advisories and limiting the amount of information disclosed about each bug.
Some 17 of the 112 issues fixed in today’s patch batch involve “critical” problems in Windows, or those that can be exploited by malware or malcontents to seize complete, remote control over a vulnerable Windows computer without any help from users.
Most of the rest were assigned the rating “important,” which in Redmond parlance refers to a vulnerability whose exploitation could “compromise the confiden
Trendmicro
November Patch Tuesday Fixes Exchange, NFS Vulns
blogs_trendmicro·2020-11-11·CVSS 9.6
[CRITICAL] November Patch Tuesday Fixes Exchange, NFS Vulns
Exploits & Vulnerabilities
# November Patch Tuesday Fixes Exchange, NFS Vulns
Comparing to last month’s update, which saw a noticeable drop to over 80 fixes, the total number of patches for this month increased again, with over a hundred patches released.
By: Trend Micro
2020/11/11
Read time: ( words)
Save to Folio
Microsoft’s Patch Tuesday for November had 112 patches, with 17 categorized as critical. Compared to last month’s update, which saw a noticeable drop to over 80 fixes, the total number of patches for this month increased again, with over a hundred patches released. Six of the vulnerabilities came through the Zero Day Initiative program. Details on the patches can be viewed on Microsoft’s Security Update Guide page.
Patch for recently disclosed zero-day CVE-2020-17087
Thi
Tenable
Microsoft’s November 2020 Patch Tuesday Addresses 112 CVEs including CVE-2020-17087
blogs_tenable·2020-11-10·CVSS 7.8
[HIGH] Microsoft’s November 2020 Patch Tuesday Addresses 112 CVEs including CVE-2020-17087
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Qualys
November 2020 Patch Tuesday – 112 Vulnerabilities, 17 Critical, Windows Codecs, Network File System, Workstation, Adobe | Qualys
blogs_qualys·2020-11-10·CVSS 5.3
[MEDIUM] November 2020 Patch Tuesday – 112 Vulnerabilities, 17 Critical, Windows Codecs, Network File System, Workstation, Adobe | Qualys
This month’s Microsoft Patch Tuesday addresses 112 vulnerabilities with 17 of them labeled as Critical. The 17 Critical vulnerabilities cover Windows Codecs, Network File System, Sharepoint, Windows Print Spooler, and several other workstation vulnerabilities. Adobe released patches today for Adobe Connect and Adobe Reader for Android.
### Workstation Patches
The Windows Codecs, GDI+, Browser, Office and Exchange Server vulnerabilities should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes multi-user servers that are used as remote desktops for users.
### SharePoint RCE
Microsoft patched six vulnerabilities in SharePoint, and one of them could lead to Remote Code Execution (CVE-2020-17061). Th
Talos
Microsoft Patch Tuesday for Nov. 2020 — Snort rules and prominent vulnerabilities
blogs_talos·2020-11-10·CVSS 8.8
[HIGH] Microsoft Patch Tuesday for Nov. 2020 — Snort rules and prominent vulnerabilities
By Jon Munshaw, with contributions from Joe Marshall.
Microsoft released its monthly security update Tuesday, disclosing just over 110 vulnerabilities across its products. This is a slight jump from last month when Microsoft disclosed one of their lowest vulnerability totals in months.
Eighteen of the vulnerabilities are considered “critical" while the vast remainder are ranked as “important,” with two also considered of “low” importance. Users of all Microsoft and Windows products are urged to update their software as soon as possible to avoid possible exploitation of all these bugs.
The security updates cover several different products and services, including the HEVC video file extension, the Azure Sphere platform and Microsoft Exchange servers.
Talos also released a new set of SNOR
Qualys
November 2020 Patch Tuesday – 112 Vulnerabilities, 17 Critical, Windows Codecs, Network File System, Workstation, Adobe
blogs_qualys·2020-11-10·CVSS 5.3
[MEDIUM] November 2020 Patch Tuesday – 112 Vulnerabilities, 17 Critical, Windows Codecs, Network File System, Workstation, Adobe
This month’s Microsoft Patch Tuesday addresses 112 vulnerabilities with 17 of them labeled as Critical. The 17 Critical vulnerabilities cover Windows Codecs, Network File System, Sharepoint, Windows Print Spooler, and several other workstation vulnerabilities. Adobe released patches today for Adobe Connect and Adobe Reader for Android.
## Workstation Patches
The Windows Codecs, GDI+, Browser, Office and Exchange Server vulnerabilities should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes multi-user servers that are used as remote desktops for users.
## SharePoint RCE
Microsoft patched six vulnerabilities in SharePoint, and one of them could lead to Remote Code Execution ( CVE-2020-17061 ). Th
Krebs
Patch Tuesday, November 2020 Edition
blogs_krebs·2020-11-10·CVSS 9.6
[CRITICAL] Patch Tuesday, November 2020 Edition
Adobe and Microsoft each issued a bevy of updates today to plug critical security holes in their software. Microsoft’s release includes fixes for 112 separate flaws, including one zero-day vulnerability that is already being exploited to attack Windows users. Microsoft also is taking flak for changing its security advisories and limiting the amount of information disclosed about each bug.
Some 17 of the 112 issues fixed in today’s patch batch involve “critical” problems in Windows, or those that can be exploited by malware or malcontents to seize complete, remote control over a vulnerable Windows computer without any help from users.
Most of the rest were assigned the rating “important,” which in Redmond parlance refers to a vulnerability whose exploitation could “compromise the confiden
Talos
Microsoft Patch Tuesday for Nov. 2020 — Snort rules and prominent vulnerabilities
blogs_talos·2020-11-10·CVSS 8.8
[HIGH] Microsoft Patch Tuesday for Nov. 2020 — Snort rules and prominent vulnerabilities
## Microsoft Patch Tuesday for Nov. 2020 — Snort rules and prominent vulnerabilities
By Jon Munshaw, with contributions from Joe Marshall.
Microsoft released its monthly security update Tuesday, disclosing just over 110 vulnerabilities across its products. This is a slight jump from last month when Microsoft disclosed one of their lowest vulnerability totals in months .
Eighteen of the vulnerabilities are considered “critical" while the vast remainder are ranked as “important,” with two also considered of “low” importance. Users of all Microsoft and Windows products are urged to update their software as soon as possible to avoid possible exploitation of all these bugs.
The security updates cover several different products and services, including the HEVC video file extension, the Azure
Zscaler
Zscaler protects against 9 new vulnerabilities for Microsoft
blogs_zscaler·CVSS 7.0
[HIGH] Zscaler protects against 9 new vulnerabilities for Microsoft
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
2020-11-11
Published