Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-24508: Win32 File Enumeration Remote Code Execution Vulnerability

The following workaround may be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as they become available even if you plan to leave this workaround in place:

Disable SMBv3 compression

You can disable compression to block authenticated attackers from exploiting the vulnerability against an SMBv3 Server with the PowerShell command below.

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force

Notes:

  1. No reboot is needed after making the change.
  2. This workaround does not prevent exploitation of SMB clients; please see item 2 under FAQ to protect clients.

You can disable the workaround with the PowerShell command below.

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 0 -Force

Note: No reboot is needed after disabling the workaround.

Microsoft Security Response Center
#vulnerability#microsoft#Windows SMB Server#Security Vulnerability

Microsoft Security Response Center: Latest News

CVE-2024-49060: Azure Stack HCI Elevation of Privilege Vulnerability