On November 10, 2020, Microsoft had issued a risk notice for a remote code execution vulnerability in the Windows network file system. The vulnerability number is CVE-2020-17051, the vulnerability level is critical. The CVSS:3.0 score is 9.8/8.5.
Network File System (NFS) is a distributed file system that strives to allow client hosts to access server-side files, and the process is the same as when accessing local storage. An unauthorized attacker can cause a memory heap overflow in the network file system (NFSv3) of the target Windows by sending malicious NFS packets and then get remote code execution.
- Microsoft Windows 7/8/10
- Microsoft Windows Server 2008/2012/2016/2019
In this regard, we recommend that users upgrade Windows to the latest version in time.