CVE-2022-34715
published 2022-08-09CVE-2022-34715: Windows Network File System Remote Code Execution Vulnerability
PriorityP277critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
80.10%
99.6th percentile
Windows Network File System Remote Code Execution Vulnerability
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.887 | 10.0.20348.887 |
| msrc | windows_server_2022 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Inspect ONC RPC traffic for NFS Program field value 100003, Procedure field value 1 (COMPOUND), and Program Version field value 4 (NFS4) — these identify NFSv4 COMPOUND requests that must be further inspected. ↗
- →Within qualifying NFSv4 COMPOUND requests, check each operation for vulnerable opcodes OP_CREATE(6), OP_OPEN(18), or OP_SETATTR(34) carrying ACL attribute data (Bit12 / 0x1000 in the attributes bitmap). ↗
- →Flag as suspicious any NFSv4 COMPOUND request where the ACE_Count field in ACL attribute data exceeds 0x8000000 — this is the integer-truncation trigger for the heap buffer overflow. ↗
- →There is no fixed offset to skip non-vulnerable opcodes; the full NFS COMPOUND message must be parsed to locate ACL attribute data, because NFS operations do not carry a consistent per-operation length field. ↗
- →The vulnerability is only exploitable on systems with the NFS role enabled and specifically affects NFS version 4.0 (NFSv4.1); NFSv2.0 and NFSv3.0 are not affected. ↗
- ·The vulnerability is present only on Windows Server 2022; other Windows versions are not affected. ↗
- ·Although Microsoft lists the vulnerability as not requiring authentication, all known exploitation paths require file creation or modification privileges on the NFS share. ↗
- ·This vulnerability is not exploitable in NFSv2.0 or NFSv3.0; only NFSv4.1 is affected. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_msrc9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-cf8q-jcgr-5p7h: Windows Network File System Remote Code Execution Vulnerability
ghsa_unreviewed·2022-08-10
CVE-2022-34715 [CRITICAL] CWE-94 GHSA-cf8q-jcgr-5p7h: Windows Network File System Remote Code Execution Vulnerability
Windows Network File System Remote Code Execution Vulnerability.
Microsoft
Windows Network File System Remote Code Execution Vulnerability
vendor_msrc·2022-08-09·CVSS 9.8
CVE-2022-34715 [CRITICAL] Windows Network File System Remote Code Execution Vulnerability
Windows Network File System Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability?
This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).
FAQ: What version of Network File System (NFS) is affected by this vulnerability?
Servers that have Network File System version 4.0 (NFS 4.0) installed are affected by this vulnerability.
FAQ: I am running a supported version of Windows Server. Is my system vulnerable to this issue?
This vulnerability is only exploitable for systems that have the NFS role enabled. See NFS Overview for more information on this feature. More information on installing or uninstalling Roles or Role Servic
No detection rules found.
No public exploits indexed.
Securelist
IT threat evolution in Q3 2022. Non-mobile statistics
blogs_securelist·2022-11-18
IT threat evolution in Q3 2022. Non-mobile statistics
Table of Contents
Quarterly figures
Financial threats
Number of users attacked by banking malware
TOP 10 banking malware families
Geography of financial malware attacks
Ransomware programs
Quarterly trends and highlights
Number of new modifications
Number of users attacked by ransomware Trojans
Geography of attacked users
TOP 10 most common families of ransomware Trojans
Miners
Number of new miner modifications
Number of users attacked by miners
Geography of miner attacks
Vulnerable applications used by criminals during cyberattacks
Quarterly highlights
Vulnerability statistics
Attacks on macOS
TOP 20 threats for macOS
Geography of threats for macOS
IoT attacks
IoT threat statistics
Attacks via web resources
Countries and territories that serve as sources of web-ba
Securelist
PC malware statistics, Q3 2022
blogs_securelist·2022-11-18
PC malware statistics, Q3 2022
Table of Contents
- Quarterly figures
- Financial threats
- Ransomware programs
- Miners
- Vulnerable applications used by criminals during cyberattacks
- Attacks on macOS
- IoT attacks
- Attacks via web resources
- Local threats
Authors
- AMR
- IT threat evolution in Q3 2022
- IT threat evolution in Q3 2022. Non-mobile statistics
- IT threat evolution in Q3 2022. Mobile statistics
These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data.
## Quarterly figures
According to Kaspersky Security Network, in Q3 2022:
- Kaspersky solutions blocked 956,074,958 attacks from online resources across the globe.
- Web Anti-Virus recognized 251,288,987 unique URLs as malicious.
- Attempts to run malware fo
Trendmicro
Windows NFS v4 Remote Code Execution
blogs_trendmicro·2022-09-06·CVSS 9.8
CVE-2022-34715 [CRITICAL] Windows NFS v4 Remote Code Execution
# CVE-2022-34715: More Microsoft Windows NFS v4 Remote Code Execution
CVE-2022-34715: More Microsoft Windows NFS v4 Remote Code Execution
By: Trend Micro Research
2022/09/06
Read time: ( words)
Save to Folio
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Quintin Crist and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in the Microsoft Windows operating system, originally discovered and reported by the researcher known as Arimura. The bug is the result of a dynamically allocated buffer created by an NFS function and is present only on Windows Server 2022. An unauthenticated attacker could exploit this bug to execute arbitrary code in the context of SYSTEM. This is the third such NFS
Trendmicro
Windows NFS v4 Remote Code Execution
blogs_trendmicro·2022-09-06·CVSS 9.8
CVE-2022-34715 [CRITICAL] Windows NFS v4 Remote Code Execution
## CVE-2022-34715: More Microsoft Windows NFS v4 Remote Code Execution
CVE-2022-34715: More Microsoft Windows NFS v4 Remote Code Execution
By: Trend Micro Research Sep 06, 2022 Read time: ( words)
Save to Folio
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Quintin Crist and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in the Microsoft Windows operating system, originally discovered and reported by the researcher known as Arimura. The bug is the result of a dynamically allocated buffer created by an NFS function and is present only on Windows Server 2022. An unauthenticated attacker could exploit this bug to execute arbitrary code in the context of SYSTEM. This is the third such NF
Trendmicro
Windows NFS v4 Remote Code Execution
blogs_trendmicro·2022-09-06·CVSS 9.8
CVE-2022-34715 [CRITICAL] Windows NFS v4 Remote Code Execution
## CVE-2022-34715: More Microsoft Windows NFS v4 Remote Code Execution
CVE-2022-34715: More Microsoft Windows NFS v4 Remote Code Execution
By: Trend Micro Research 2022/09/06 Read time: ( words)
Save to Folio
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Quintin Crist and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in the Microsoft Windows operating system, originally discovered and reported by the researcher known as Arimura. The bug is the result of a dynamically allocated buffer created by an NFS function and is present only on Windows Server 2022. An unauthenticated attacker could exploit this bug to execute arbitrary code in the context of SYSTEM. This is the third such NFS
Qualys
August 2022 Patch Tuesday | Microsoft Releases 121 Vulnerabilities With 17 Critical, Plus 20 Microsoft Edge (Chromium-Based); Adobe Releases 5 Advisories, 25 Vulnerabilities With 15 Critical. | Qualys
blogs_qualys·2022-08-09·CVSS 6.5
[MEDIUM] August 2022 Patch Tuesday | Microsoft Releases 121 Vulnerabilities With 17 Critical, Plus 20 Microsoft Edge (Chromium-Based); Adobe Releases 5 Advisories, 25 Vulnerabilities With 15 Critical. | Qualys
#### Table of Contents
- Microsoft Patch Tuesday Summary
- The August 2022 Microsoft Vulnerabilities Are Classified As Follows:
- Notable Microsoft Vulnerabilities Patched
- Security Feature Bypass Vulnerabilities Addressed
- Microsoft Critical and Important Vulnerability Highlights
- Microsoft Edge | Last But Not Least
- Adobe Security Bulletins and Advisories
- About Qualys Patch Tuesday
- Qualys Threat Protection High-Rated Advisories for August 1-9, 2022
- Discover and Prioritize Vulnerabilities in Vulnerability Management Detection Response (VMDR)
- Rapid Response With Patch Management (PM)
- Evaluate Vendor-Suggested Workarounds With Policy Compliance
- Patch Tuesday is Complete.
- Qualys Monthly Webinar Series
- Join the Webinar This Month in Vulnerabilities & Patches
## Microsoft
Qualys
August 2022 Patch Tuesday | Microsoft Releases 121 Vulnerabilities With 17 Critical, Plus 20 Microsoft Edge (Chromium-Based); Adobe Releases 5 Advisories, 25 Vulnerabilities With 15 Critical.
blogs_qualys·2022-08-09·CVSS 6.5
[MEDIUM] August 2022 Patch Tuesday | Microsoft Releases 121 Vulnerabilities With 17 Critical, Plus 20 Microsoft Edge (Chromium-Based); Adobe Releases 5 Advisories, 25 Vulnerabilities With 15 Critical.
## Table of Contents
Microsoft Patch Tuesday Summary
The August 2022 Microsoft Vulnerabilities Are Classified As Follows:
Notable Microsoft Vulnerabilities Patched
Security Feature Bypass Vulnerabilities Addressed
Microsoft Critical and Important Vulnerability Highlights
Microsoft Edge | Last But Not Least
Adobe Security Bulletins and Advisories
About Qualys Patch Tuesday
Qualys Threat Protection High-Rated Advisories for August 1-9, 2022
Discover and Prioritize Vulnerabilities in Vulnerability Management Detection Response (VMDR)
Rapid Response With Patch Management (PM)
Evaluate Vendor-Suggested Workarounds With Policy Compliance
Patch Tuesday is Complete.
Qualys Monthly Webinar Series
Join the Webinar This Month in Vulnerabilities & Patches
## Microsoft Patch Tuesday Sum
Crowdstrike
August Patch Tuesday 2022: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] August Patch Tuesday 2022: Updates and Analysis
How CrowdStrike is Accelerating Exposure Evaluation as Adversaries Gain Speed Apr 06, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How CrowdStrike is Accelerating Exposure Evaluation as Adversaries Gain Speed Apr 06, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019
Helping Non-Security Stakeholders Understand AT
Crowdstrike
August Patch Tuesday 2022: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] August Patch Tuesday 2022: Updates and Analysis
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019
Helping Non-Security Stakeholders Understand ATT&CK in 10 Minutes or Less [VI
2022-08-09
Published