12.02.2020

CVE-2020-17051 Wormable RCE in Windows NFS server

Virsec Security Research Lab Vulnerability Analysis

The Virsec Security Research Lab provides detailed analysis on recent and notable security vulnerabilities.

Vulnerability Summary

In a network-based attack, an attacker with write access to a Windows NFS share could execute code remotely within the kernel. This vulnerability is wormable between machines hosting writable NFS shares. Microsoft’s documentation states that functional reproduction of the exploit of this vulnerability is possible.


CVSS Score

The CVSS Base Score is 9.8 (Critical).

Affected Windows Versions

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows Server, version 2004 (Server Core installation)

Windows Server, version 1903 (Server Core installation)

Windows Server, version 1909 (Server Core installation)

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows Server, version 20H2 (Server Core installation)

Vulnerability Attribution

Soyeon Park - Microsoft Platform Security Assurance & Vulnerability Research

Risk Impact

The risk posed by this vulnerability is as high as it gets. An attacker can not only completely compromise the local Windows Server kernel but can also worm into adjacent servers. A public exploit is not available.

Virsec Security Platform (VSP) Support

Virsec Security Platform (VSP): NVD has not yet assigned a CWE to this vulnerability, so it is hard to state definitively how the vulnerability can be protected against. As we become aware of the details, we will update this section.


About the Author
Satya Gupta is Virsec’s visionary founder, with over 25 years of expertise in embedded systems, network security and systems architecture. Satya has helped build and guide the company through key growth phases from initial funding (2015), developing core technology with key partners including Raytheon and Lockheed (2016-2018), to launching an enterprise class, GA product (2019). Prior to this, Satya built a highly profitable software design and consulting business targeting data networking, application security and industrial automation projects. He was also Director of Firmware Engineering at Narad Networks and Managing Director and Chief Engineer at Eastern Telecom and Tech Ltd. Satya has more than 40 patents in complex firmware architecture with products deployed to hundreds of thousands of users. He holds a BS degree in Engineering from the Indian Institute of Technology in Kanpur and additional degrees from the University of Massachusetts at Lowell.