CVE-2022-30216

Name of the Vulnerable Software and Affected Versions Windows Server versions prior to the fixed version

Description The issue is related to a tampering vulnerability in the Windows Server service, allowing attackers to affect the system. This vulnerability can lead to authentication coercion, enabling attackers to perform server spoofing or trigger authentication coercion on the victim. The Server service, responsible for managing SMB shares, is impacted, and the vulnerability is significant because the service runs by default on every Windows machine.

Recommendations For Windows Server versions prior to the fixed version, consider disabling the srvsvc service until a patch is available. Restrict access to the pipesrvsvc named pipe to minimize the risk of exploitation. Avoid using the Server service for creating, configuring, querying, or deleting shares through RPC over a named pipe until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.