CVE-2022-32230
HIGHWindows 10 and 11 and Windows Server 2019 - Denial of Service via SMBv3 FileNormalizedNameInformation Request
Title source: llmDescription
Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most systems, this attack requires authentication, except in the special case of Windows Domain Controllers, where unauthenticated users can always open named pipes as long as they can establish an SMB session. Typically, after the BSOD, the victim SMBv3 server will reboot.
References (4)
Core 4
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.rapid7.com/blog/post/2022/06/14/cve-2022-32230-windows-smb-denial-of-service-vulnerability-fixed/
Patch, Vendor Advisory x_refsource_confirm
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-32230
Exploit, Third Party Advisory x_refsource_misc
https://github.com/zeroSteiner/metasploit-framework/blob/feat/mod/cve-2022-32230/modules/auxiliary/dos/smb/smb_filenormalizednameinformation.rb
Patch, Vendor Advisory x_refsource_misc
https://support.microsoft.com/en-us/topic/may-10-2022-kb5013942-os-builds-19042-1706-19043-1706-and-19044-1706-60b51119-85be-4a34-9e21-8954f6749504
Scores
CVSS v3
7.5
EPSS
0.0698
EPSS Percentile
93.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (6)
microsoft/windows_10
20h2
microsoft/windows_10
21h1
microsoft/windows_10
21h2
microsoft/windows_10
1809
microsoft/windows_11
microsoft/windows_server_2019
Published
Jun 14, 2022
Tracked Since
Feb 18, 2026