"Windows Network File System Flaw Results in Arbitrary Code Execution as System"

Trend Micro Research has released details about a now-patched Remote Code Execution (RCE) vulnerability in the Windows Network File System (NFS). The flaw, which stemmed from the improper handling of NFSv4, could be used by attackers to send malicious Remote Procedure Calls (RPCs) to a target server. Successful exploitation may result in arbitrary code execution as SYSTEM, whereas unsuccessful exploitation may simply cause the target to crash. NFS originated with Sun Microsystems' work in 1984; the vulnerability was in the Windows implementation. NFS uses Open Network Computing Remote Procedure Call (ONC RPC) to exchange control messages. According to the researchers, the Windows vulnerability was caused by an incorrect calculation of the size of response messages. An attacker could exploit this flaw by sending a request with enough operations to make the miscalculation large. This article continues to discuss the potential exploitation and impact of the Windows NFS flaw.

The Register reports "Windows Network File System Flaw Results in Arbitrary Code Execution as System"
