Headline

CVE-2022-24508: Windows SMBv3 Client/Server Remote Code Execution Vulnerability

The following workaround may be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as they become available even if you plan to leave this workaround in place:

Disable SMBv3 compression

You can disable compression to block authenticated attackers from exploiting the vulnerability against an SMBv3 Server with the PowerShell command below.

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force

Notes:

No reboot is needed after making the change.
This workaround does not prevent exploitation of SMB clients; please see item 2 under FAQ to protect clients.

You can disable the workaround with the PowerShell command below.

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 0 -Force

Note: No reboot is needed after disabling the workaround.

2 years ago

Microsoft Security Response Center

Open in Source

#vulnerability #windows #microsoft #Windows SMB Server #Security Vulnerability

Microsoft Security Response Center: Latest News

CVE-2024-49060: Azure Stack HCI Elevation of Privilege Vulnerability

5 days ago

Microsoft Security Response Center

CVE-2024-11117: Chromium: CVE-2024-11117 Inappropriate implementation in FileSystem

6 days ago

Microsoft Security Response Center

CVE-2024-11116: Chromium: CVE-2024-11116 Inappropriate implementation in Paint

6 days ago

Microsoft Security Response Center

CVE-2024-11115: Chromium: CVE-2024-11115 Insufficient policy enforcement in Navigation

6 days ago

Microsoft Security Response Center

CVE-2024-11114: Chromium: CVE-2024-11114 Inappropriate implementation in Views

6 days ago

Microsoft Security Response Center