CVE-2022-30154

Name of the Vulnerable Software and Affected Versions Microsoft File Server Shadow Copy Agent Service (RVSS) (affected versions not specified)

Description The issue is related to insufficient access restrictions in the Microsoft File Server Shadow Copy Agent Service (RVSS), which can be exploited by an attacker to bypass security restrictions and elevate their privileges. This vulnerability, also known as ShadowCoerce, allows attackers to target Windows servers in NTLM Relay attacks, forcing vulnerable servers to authenticate and potentially capturing the domain. The vulnerability was first described in detail by researcher Lionel Gilles in 2021, demonstrating an attack known as PetitPotam. It is also vulnerable to NTLM relay attacks, which can force a domain controller to authenticate a malicious NTLM relay under the control of a hacker. This can allow the attacker to impersonate any network device, including the Windows domain controller.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.