CVE-2022-37984 Windows WLAN Service Elevation of Privilege Vulnerability.

In Windows operating systems prior to Windows 10, the Network Location Awareness (NLA) service is enabled by default. NLA is a network monitoring service that sends and receives data via the ICMP protocol. ICMP is used to determine the location of the sending host to which data packets are routed. NLA is enabled by default and is exposed to the outside world. As a result, any attacker that can exploit an NLA service can read the location of the machine and send data packets to other hosts. NLA is enabled by default on Windows 7 and Windows 2008 servers. Windows 2008, Windows 7, and Windows 2008 R2 servers are vulnerable to this issue. Windows 2012, Windows 8, Windows 8.1, and Windows 2012 R2 servers have an option to turn off NLA by default. The default setting on these operating systems is not enabled, and NLA is not enabled. Additionally, Windows 2012 R2 and Windows 10 have an option to turn off NLA by default. The default setting on these operating systems is enabled, and NLA is enabled by default. Windows 10 and Windows 2016 have an option to disable NLA by default. The default setting on these operating systems is disabled, and NLA is disabled by default. Windows XP, Windows 2003, Windows NT4, Windows Vista, and Windows 2008 are not vulnerable to this issue. Summary Microsoft Windows operating systems prior to Windows 10 are vulnerable to this issue. The following Windows operating systems are vulnerable to this issue.

Windows 7 (not enabled by default)

Windows 7
Windows 2008 Server
Windows 2008 R2 Server
Windows 2012 Server
Windows 2012 R2 Server
Windows 2016 Server
An option to turn off NLA by default.
An option to turn off NLA by default.
A default setting is enabled, and NLA is enabled by default.

Windows 7

, Windows 2008, Windows 2008 R2

Windows 7 Service Pack 1 (SP1)

Windows 7 with Internet Explorer and Windows 2008 R2 Server Core

Microsoft released security update MS14-045 on August 14, 2014 that addresses this issue. Microsoft recommends updating to the latest service packs and updates for Windows operating systems prior to Windows 10.

Windows Vista (all editions)

Windows Server 2008 (all editions)
Windows 7 (all editions)
Windows 2003 (all editions)
Windows 8.1 (all editions)
Windows 2012 R2 (all editions)
Windows 2016 (all editions)
In Windows operating systems prior to Windows 10, the Network Location Awareness service is enabled by default. NLA is a network monitoring service that sends and receives data via the ICMP protocol. ICMP is used to determine the location of the sending host to which data packets are routed. NLA is enabled by default and is exposed to the outside world. As a result, any attacker that can exploit an NLA service can read the location of the machine and send data packets to other hosts. NLA is enabled by default on Windows 7 and Windows 2008 servers.

Timeline

Published on: 10/11/2022 19:15:00 UTC
Last modified on: 10/11/2022 19:16:00 UTC

References

• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37984
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37984