Headline

CVE-2022-24508: Win32 File Enumeration Remote Code Execution Vulnerability

The following workaround may be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as they become available even if you plan to leave this workaround in place:

Disable SMBv3 compression

You can disable compression to block authenticated attackers from exploiting the vulnerability against an SMBv3 Server with the PowerShell command below.

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force

Notes:

No reboot is needed after making the change.
This workaround does not prevent exploitation of SMB clients; please see item 2 under FAQ to protect clients.

You can disable the workaround with the PowerShell command below.

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 0 -Force

Note: No reboot is needed after disabling the workaround.

2 years ago

Microsoft Security Response Center

Open in Source

#vulnerability #microsoft #Windows SMB Server #Security Vulnerability

Microsoft Security Response Center: Latest News

CVE-2024-43574: Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability

2 days ago

Microsoft Security Response Center

CVE-2024-43572: Microsoft Management Console Remote Code Execution Vulnerability

2 days ago

Microsoft Security Response Center

CVE-2024-43593: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

2 days ago

Microsoft Security Response Center

CVE-2024-43592: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

2 days ago

Microsoft Security Response Center

CVE-2024-43583: Winlogon Elevation of Privilege Vulnerability

2 days ago

Microsoft Security Response Center