CVE-2022-26933 Windows NTFS Information Disclosure Vulnerability.

CVE-2022-26933 Windows NTFS Information Disclosure Vulnerability.

This issue is rated as High Risk due to the fact that it can be exploited by malicious attackers to gain access to an affected system. If a user has a writable NTFS partition on his/her system, then an attacker can exploit this issue to get access to the system. This issue affects Windows 7, Windows 8, and Windows 10.

root@kali:~# nmap -sV --script ntfs-info-vulns -p detecting-nmap 10.10.10.10
In the following image, you can see the ntfs-info-vulns script results when nmap scans the 10.10.10.10 target:
root@kali:~# cat ntfs-info-vulns.nse --- 10.10.10.10:4137 -- -- [18/Feb/2018:17:31:14 +0000] "NTFS information disclosure (ntfs-info-vulns)

This vulnerability allows an attacker to read files from an NTFS file system. This can be done by creating a malicious file on the system, mounting the NTFS file system, and reading files from the mounted file system.
This issue affects Windows 7, Windows 8.1, Windows 10, Windows Server 2008 and later, Windows Server 2012 and later, and Windows Server 2016.

Microsoft released a security advisory that addresses this issue

NTFS write vulnerability - CVE-2023-26934

This issue is rated as High Risk due to the fact that it can be exploited by malicious attackers to gain access to an affected system. If a user has a writable NTFS partition on his/her system, then an attacker can exploit this issue to get access to the system. This issue affects Windows 7, Windows 8, and Windows 10.

https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26934

Windows 8/10 - CVE-2018-0872

This issue is rated as High Risk due to the fact that it can be exploited by malicious attackers to gain access to an affected system. If a user has a writable NTFS partition on his/her system, then an attacker can exploit this issue to get access to the system. This issue affects Windows 8.1, Windows 10, and Windows Server 2012 and later.

root@kali:~# nmap -pV --script ntfs-info-vulns -Pn 10.10.10.10
In the following image, you can see the ntfs-info-vulns script results when nmap scans the 10.10.10.10 target:

Windows 10 and Windows Server 2016

If the system is running Windows 10 and Windows Server 2016, then there are some steps that can be taken to mitigate this vulnerability. The following instructions will allow an administrator to block the NTFS file system from mounting:

(1) Run the following command:
cmd /c net stop spoolss
(2) Run the following command:
NtfsDisableMount -F 1
(3) Run the following powershell script on your system:
Set-ExecutionPolicy RemoteSigned -Scope Process -Force

Microsoft Security Advisory: MS-2022-26933

CVE-2022-26933 is a vulnerability in the Windows NTFS file system driver that can be exploited by malicious attackers to gain access to an affected system. This issue affects Windows 7, Windows 8, and Windows 10.

Windows versions and editions that are not affected by this issue

This issue does not affect versions of Windows earlier than Windows 7, versions of Windows Server 2008 and later, or any other editions of Windows.

Since this vulnerability affects only Microsoft products, it is limited to users with writable NTFS partitions on their systems.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe