CVE-2022-30136
Published 2022-06-15
CVE-2022-30136: Windows Network File System Remote Code Execution Vulnerability
Priority P190 · critical · 9.8 · CVSS 3.1
AV:N · AC:L · PR:N · UI:N · S:U · C:H · I:H · A:H
ITW · EXPLOIT · VulnCheck KEV · Initial access
Exploited in the wild
EPSS: 74.68% (99.4th percentile)
Windows Network File System Remote Code Execution Vulnerability
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012 | >= 6.2.9200.0 < 6.2.9200.23736 | 6.2.9200.23736 |
| microsoft | windows_server_2012_r2 | >= 6.3.9600.0 < 6.3.9600.20402 | 6.3.9600.20402 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.5192 | 10.0.14393.5192 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.3046 | 10.0.17763.3046 |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
| msrc | windows_server_2019 | — | — |
Detection & IOCs (extracted from sources)
- CVE-2022-30136 is exploitable only via NFSv4.1; NFSv2.0 and NFSv3.0 are NOT affected. Detection should focus on unauthenticated, specially crafted NFS calls targeting NFSv4.1.
- Talos released a Snort rule set specifically detecting exploitation attempts for CVE-2022-30136 and related June 2022 Patch Tuesday vulnerabilities. Cisco Secure Firewall customers should update their SRU; open-source Snort Subscriber Rule Set customers should download the latest rule pack from Snort.org.
- The vulnerability is not exploitable in NFSv2.0 or NFSv3.0; scope detection/blocking to NFSv4.1 traffic only.
- Disabling NFSv4.1 as a temporary mitigation requires the May 2022 Windows security updates (addressing CVE-2022-26937) to already be installed first; applying the mitigation without those updates leaves NFSv2.0 and NFSv3.0 critically vulnerable.
- The PowerShell command to disable NFSv4.1 as a temporary mitigation is `Set-NfsServerConfiguration -EnableNFSV4 $false`, followed by an NFS server restart or machine reboot.
- Exploitation likelihood is rated 'More Likely' for both latest and older software releases, meaning active exploitation attempts should be anticipated even before public PoC is confirmed.
CVSS provenance
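| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vulncheck | — | 9.8 | CRITICAL | — |
| vendor_msrc | — | 9.8 | CRITICAL | — |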
GHSA
GHSA-4j6c-gm6c-gqpp: Windows Network File System Remote Code Execution Vulnerability
ghsa_unreviewed·2022-06-16
Windows Network File System Remote Code Execution Vulnerability.
VulnCheck
Windows Network File System Remote Code Execution
vulncheck·2022·CVSS 9.8
Windows Network File System Remote Code Execution Vulnerability
Affected: Microsoft Windows
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://unit42.paloaltonetworks.com/network-security-trends-nov-jan/
Exploit PoC: https://vulncheck.com/xdb/30229201b0bb; https://vulncheck.com/xdb/2e454094cc6c
Microsoft
Windows Network File System Remote Code Execution Vulnerability
vendor_msrc·2022-06-14·CVSS 9.8
FAQ: How could an attacker exploit this vulnerability?
This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).
Windows Network File System: Windows Network File System
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation More Likely; Older Software Release: Exploitation More Likely; DOS: N/A
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014692
Reference: https://support.microsoft.com/help/5014692
Reference: https://catalog.update.microsoft.com/v7/site
No detection rules found.
No public exploits indexed.
Unit42
Network Security Trends: November 2022-January 2023
blogs_unit42·2023-05-02·CVSS 9.8
## Network Security Trends: November 2022-January 2023
Yiheng An
Published: May 2, 2023
Categories: Trend Reports, Vulnerabilities
Tags: Attack analysis, CVE-2021-22005, CVE-2021-31602, CVE-2021-33035, CVE-2021-43287, CVE-2022-1118, CVE-2022-27924, CVE-2022-30136, CVE-2022-31137, CVE-2022-44877, CVE-2022-46169, Exploit in the wild, Network security trends
## Executive Summary
Recent observations of exploits used in the wild November 2022-January 2023 reveal that attackers have been using newly published remote code execution vulnerabilities in the following three products:
- Roxy-WI, a web interface for managing and monitoring RoxyDNS
- CWP, a free web hosting control panel (aka Control Web Panel or CentOS Web Panel)
- Cacti, an open-source network monitoring and graphing tool used to track the performance of various network devices, servers and applications
Additionally, attackers have also been taking advantage of a traversal and information disclosure vulnerability in ThoughtWorks GoCD to read sensitive files stored on servers.
In our observations of network security trends, Unit 42 researchers have pinpointed several attacks based o
Talos
Threat Source newsletter (June 16, 2022) — Three top takeaways from Cisco Live
blogs_talos·2022-06-16
## Threat Source newsletter (June 16, 2022) — Three top takeaways from Cisco Live
Welcome to this week’s edition of the Threat Source newsletter.
I’m still decompressing from Cisco Live and the most human interaction I’ve had in a year and a half.
But after spending a few days on the show floor and interacting with everyone, there are a few things that stand out to me about the state of security and what people are interested in at Cisco Live. So, I wanted to take some time to highlight a few things that stood out to me at this year’s Cisco Live. Editor's note: The Threat Source newsletter will be on a summer break next week, so no new edition!
### Don’t think about the worst
A lot of our lightning talks at the Cisco Secure Pub this week centered around some crazy days, many of which left us scrambling — the Colonial Pipeline ransomware attack, Log4J, Kaseya, you na
Krebs
Microsoft Patch Tuesday, June 2022 Edition
blogs_krebs·2022-06-15·CVSS 7.8
Microsoft on Tuesday released software updates to fix 60 security vulnerabilities in its Windows operating systems and other software, including a zero-day flaw in all supported Microsoft Office versions on all flavors of Windows that’s seen active exploitation for at least two months now. On a lighter note, Microsoft is officially retiring its Internet Explorer (IE) web browser, which turns 27 years old this year.
Three of the bugs tackled this month earned Microsoft’s most dire “critical” label, meaning they can be exploited remotely by malware or miscreants to seize complete control over a vulnerable system. On top of the critical heap this month is CVE-2022-30190, a vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows.
Dubbed “Follina,” the fla
Tenable
Microsoft’s June 2022 Patch Tuesday Addresses 55 CVEs (CVE-2022-30190)
blogs_tenable·2022-06-14·CVSS 7.8
Qualys
June 2022 Patch Tuesday | Microsoft Releases 55 Vulnerabilities With 3 Critical; Adobe Releases 6 Advisories, 46 Vulnerabilities With 40 Critical.
blogs_qualys·2022-06-14·CVSS 7.8
## Table of Contents
- Microsoft Patch Tuesday Summary
- The June 2022 Microsoft Vulnerabilities Are Classified As Follows:
- Notable Microsoft Vulnerabilities Patched
- Microsoft Guidance on Intel Processor MMIO Stale Data Vulnerabilities
- Windows Server 2022 Azure Edition Core Hotpatch (KB5014677) OS Build 20348.770
- Microsoft Critical and Important Vulnerability Highlights
- Microsoft Last But Not Least
- Adobe Security Bulletins and Advisories
- About Qualys Patch Tuesday
- Discover and Prioritize Vulnerabilities in Vulnerability Management Detection Response (VMDR)
- Rapid Response With Patch Management (PM)
- Qualys Monthly Webinar Series
- Join the webinar This Month in Vulnerabilities & Patches
## Microsoft Patch Tuesday Summary
Microsoft has fixed 55 vulnerabilities (aka flaws) in the June
Talos
Microsoft Patch Tuesday for June 2022 — Snort rules and prominent vulnerabilities
blogs_talos·2022-06-14·CVSS 9.8
Microsoft released its monthly security update Tuesday, disclosing 55 vulnerabilities in the company’s firmware and software. One of these vulnerabilities is considered critical, 40 are listed as high severity, and the remainder is considered "moderate."
The most serious issue is CVE-2022-30136, a remote code execution vulnerability in the Windows Network File System (NFS) service, version NFSv4.1, with a severity score of near-maximum 9.8. An attacker can exploit the vulnerability over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to execute remote code. To mitigate this vulnerability, users are advised to disable the vulnerable version NFSV4.1 and restart the NFS server or reboot the machine. Microsoft SharePoint server contains
Crowdstrike
June Patch Tuesday 2022: Updates and Analysis
blogs_crowdstrike·CVSS 7.5