PT-2022-2935 · Microsoft · Windows

Spencer Mcintyre · Published 2022-06-14 · Updated 2022-06-23 · CVE-2022-32230

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the April 2022 patch set

Description: The issue is a null pointer dereference in the implementation of the Windows SMBv3 protocol. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel, leading to a denial of service. For most systems, this attack requires authentication, except in the special case of Windows Domain Controllers, where unauthenticated users can always open named pipes as long as they can establish an SMB session. Typically, after the BSOD, the victim SMBv3 server will reboot.

Recommendations: As a temporary workaround, consider restricting access to named pipes to minimize the risk of exploitation. Apply the April 2022 patch set to resolve the issue. For Windows Domain Controllers, ensure that only authorized users can establish SMB sessions.

Exploit

Fix

DoS

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2022-03537
CVE-2022-32230

Affected Products

Windows