Security
Headlines
HeadlinesLatestCVEs

Tag

#Windows Distributed File System (DFS)

CVE-2024-30063: Windows Distributed File System (DFS) Remote Code Execution Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** This vulnerability could be triggered when a user connects a Windows client to a malicious server.

Microsoft Security Response Center
#vulnerability#windows#rce#Windows Distributed File System (DFS)#Security Vulnerability
CVE-2024-29066: Windows Distributed File System (DFS) Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit a DFS namespace (non-default) out-of-bound write vulnerability that results in heap corruption, which could then be used to perform arbitrary code execution on the server's dfssvc.exe process which runs as SYSTEM user.

CVE-2024-26226: Windows Distributed File System (DFS) Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.

CVE-2023-36425: Windows Distributed File System (DFS) Remote Code Execution Vulnerability

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.

CVE-2023-21820: Windows Distributed File System (DFS) Remote Code Execution Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** This vulnerability could be triggered when a windows client connects to a malicious remote share.

CVE-2022-38025: Windows Distributed File System (DFS) Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of certain kernel memory content.

CVE-2022-34719: Windows Distributed File System (DFS) Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** A local authenticated attacker could gain elevated privileges through a vulnerable DFS client, which could allow the attacker to locally execute arbitrary code in the kernel.