CVE-2020-17051 Wormable RCE in Windows NFS server

Virsec Security Research Lab Vulnerability Analysis

The Virsec Security Research Lab provides detailed analysis on recent and notable security vulnerabilities.

Vulnerability Summary

In a network-based attack, an attacker with write access to a Windows NFS share could execute code remotely within the kernel. This vulnerability is wormable between machines hosting writable NFS shares. Microsoft’s documentation states that functional reproduction of the exploit of this vulnerability is possible.

Watch the video to learn more about this and other important vulnerabilities.

CVSS Score

The CVSS Base Score is 9.8 (Critical)

Affected Windows Versions

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows Server, version 2004 (Server Core installation)

Windows Server, version 1903 (Server Core installation)

Windows Server, version 1909 (Server Core installation)

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows Server, version 20H2 (Server Core Installation)

Vulnerability Attribution

Soyeon Park - Microsoft Platform Security Assurance & Vulnerability Research

Risk Impact

The risk posed by this vulnerability is a high as it gets. An attacker can not only completely compromise the local Windows Server kernel but can also worm into adjacent servers. Public exploit is not available.

Virsec Security Platform (VSP) Support

The Virsec Security Platform (VSP)- NVD has not yet assigned a CWE to this vulnerability so it is hard to definitively state how the vulnerability can be protected. As we become aware of the details, we will update this section..

Reference Links

• https://nvd.nist.gov/vuln/detail/CVE-2020-17051

• https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17051

• https://docs.microsoft.com/en-us/windows-server/storage/nfs/deploy-nfs

•  

Download the full vulnerability report to learn more about this and other important vulnerabilities.

Jump to: List of CVE Vulnerabilities