{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2022-016.pdf"
    },
    "title": "Important Vulnerability in Windows SMBv3",
    "serial_number": "2022-016",
    "publish_date": "10-03-2022 22:05:00",
    "description": "On March 8th, as part of its monthly Patch Tuesday, Microsoft fixed 71 vulnerabilities, three of which are classified as Critical because they allow remote code execution. A remote code execution vulnerability classified as Important affects Windows SMBv3 Client/Server.<br>The vulnerability, tracked as CVE-2022-24508, allows an authenticated user to execute malicious code on Windows 10 version 2004 and newer systems via SMBv3. No active exploitation of this vulnerability is known yet.",
    "url_title": "2022-016",
    "content_markdown": "---\ntitle: 'Important Vulnerability in\u00a0Windows\u00a0SMBv3'\nversion: '1.0'\nnumber: '2022-016'\ndate: 'March 10, 2022'\n---\n\n_History:_\n\n* _10/03/2022 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn March 8th, as part of its monthly Patch Tuesday, Microsoft fixed 71 vulnerabilities, three of which are classified as **Critical** because they allow remote code execution [1]. A remote code execution vulnerability classified as **Important** affects Windows SMBv3 Client/Server.\n\nThe vulnerability, tracked as CVE-2022-24508, allows an authenticated user to execute malicious code on Windows 10 version 2004 and newer systems via SMBv3 [2]. No active exploitation of this vulnerability is known yet.\n\n# Technical Details\n\nThere is not much detail available about how this vulnerability could be exploited. However, it is notable because it is listed as _Exploitation more likely_ by Microsoft. This vulnerability is rated **Important** rather than **Critical**. There is no public disclosure, and it is not currently being exploited. However, the attack vector and likelihood of exploitation make it a candidate for possible attacks, and so this should be a high priority for patching [3].\n\n# Affected Products\n\n* Windows 10 Version 21H1 for 32-bit Systems\n* Windows 10 Version 21H1 for ARM64-based Systems\n* Windows 10 Version 21H1 for x64-based Systems\n* Windows 10 Version 20H2 for 32-bit Systems\n* Windows 10 Version 20H2 for x64-based Systems\n* Windows Server 2022 Azure Edition Core Hotpatch\n* Windows Server 2022 (Server Core installation)\n* Windows Server 2022\n* Windows 10 Version 21H2 for x64-based Systems\n* Windows 10 Version 21H2 for ARM64-based Systems\n* Windows 10 Version 21H2 for 32-bit Systems\n* Windows 11 for ARM64-based Systems\n* Windows 11 for x64-based Systems\n* Windows Server, version 20H2 (Server Core Installation)\n* Windows 10 Version 20H2 for ARM64-based Systems\n\n# Mitigations\n\nMicrosoft strongly recommends installing the updates, but also provides a workaround: disabling SMBv3 compression [4].\n\n# Recommendations\n\nCERT-EU recommends applying the patches released on the March 2022 Patch Tuesday [5].\n\n# References\n\n[1] <https://www.bleepingcomputer.com/news/microsoft/microsoft-march-2022-patch-tuesday-fixes-71-flaws-3-zero-days/>\n\n[2] <https://www.theregister.com/2022/03/09/microsoft_patch_tuesday/>\n\n[3] <https://news.sophos.com/en-us/2022/03/08/microsoft-patches-71-vulnerabilities-including-rdp-client-exchange-server-intune/>\n\n[4] <https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24508>\n\n[5] <https://msrc.microsoft.com/update-guide/releaseNote/2022-Mar>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>10/03/2022 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On March 8th, as part of its monthly Patch Tuesday, Microsoft fixed 71 vulnerabilities, three of which are classified as <strong>Critical</strong> because they allow remote code execution [1]. A remote code execution vulnerability classified as <strong>Important</strong> affects Windows SMBv3 Client/Server.</p><p>The vulnerability, tracked as CVE-2022-24508, allows an authenticated user to execute malicious code on Windows 10 version 2004 and newer systems via SMBv3 [2]. No active exploitation of this vulnerability is known yet.</p><h2 id=\"technical-details\">Technical Details</h2><p>There is not much detail available about how this vulnerability could be exploited. However, it is notable because it is listed as <em>Exploitation more likely</em> by Microsoft. This vulnerability is rated <strong>Important</strong> rather than <strong>Critical</strong>. There is no public disclosure, and it is not currently being exploited. However, the attack vector and likelihood of exploitation make it a candidate for possible attacks, and so this should be a high priority for patching [3].</p><h2 id=\"affected-products\">Affected Products</h2><ul><li>Windows 10 Version 21H1 for 32-bit Systems</li><li>Windows 10 Version 21H1 for ARM64-based Systems</li><li>Windows 10 Version 21H1 for x64-based Systems</li><li>Windows 10 Version 20H2 for 32-bit Systems</li><li>Windows 10 Version 20H2 for x64-based Systems</li><li>Windows Server 2022 Azure Edition Core Hotpatch</li><li>Windows Server 2022 (Server Core installation)</li><li>Windows Server 2022</li><li>Windows 10 Version 21H2 for x64-based Systems</li><li>Windows 10 Version 21H2 for ARM64-based Systems</li><li>Windows 10 Version 21H2 for 32-bit Systems</li><li>Windows 11 for ARM64-based Systems</li><li>Windows 11 for x64-based Systems</li><li>Windows Server, version 20H2 (Server Core Installation)</li><li>Windows 10 Version 20H2 for ARM64-based Systems</li></ul><h2 id=\"mitigations\">Mitigations</h2><p>Microsoft strongly recommends installing the updates, but also provides a workaround: disabling SMBv3 compression [4].</p><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU recommends applying the patches released on the March 2022 Patch Tuesday [5].</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.bleepingcomputer.com/news/microsoft/microsoft-march-2022-patch-tuesday-fixes-71-flaws-3-zero-days/\">https://www.bleepingcomputer.com/news/microsoft/microsoft-march-2022-patch-tuesday-fixes-71-flaws-3-zero-days/</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.theregister.com/2022/03/09/microsoft_patch_tuesday/\">https://www.theregister.com/2022/03/09/microsoft_patch_tuesday/</a></p><p>[3] <a rel=\"noopener\" target=\"_blank\" href=\"https://news.sophos.com/en-us/2022/03/08/microsoft-patches-71-vulnerabilities-including-rdp-client-exchange-server-intune/\">https://news.sophos.com/en-us/2022/03/08/microsoft-patches-71-vulnerabilities-including-rdp-client-exchange-server-intune/</a></p><p>[4] <a rel=\"noopener\" target=\"_blank\" href=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24508\">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24508</a></p><p>[5] <a rel=\"noopener\" target=\"_blank\" href=\"https://msrc.microsoft.com/update-guide/releaseNote/2022-Mar\">https://msrc.microsoft.com/update-guide/releaseNote/2022-Mar</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}