{"id":110923,"date":"2020-11-10T10:29:55","date_gmt":"2020-11-10T18:29:55","guid":{"rendered":"\/blogs\/?p=110923"},"modified":"2024-02-16T11:15:05","modified_gmt":"2024-02-16T19:15:05","slug":"cve-2020-17051-remote-kernel-heap-overflow-in-nfsv3-windows-server","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2020-17051-remote-kernel-heap-overflow-in-nfsv3-windows-server\/","title":{"rendered":"CVE-2020-17051: Remote kernel heap overflow in NFSv3 Windows Server"},"content":{"rendered":"

CVSS Score:<\/span><\/b> 9<\/span>.8<\/span>\u00a0<\/span><\/h4>\n

Vector:<\/span><\/b>\u00a0<\/span>CVSS:3.0\/<\/span>AV:N<\/span>\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H\/E:U\/RL:O\/RC:C<\/span>\u00a0<\/span><\/h4>\n

Overview<\/span><\/b>\u00a0<\/span><\/h2>\n

Microsoft released a patch today for a critical vulnerability<\/span>\u00a0(CVE-2020-17051)<\/span>\u00a0in the Windows\u00a0<\/span>NFSv3<\/span><\/a>\u00a0(Network File System)\u00a0<\/span>s<\/span>erver.\u00a0<\/span>NFS is typically used in heterogenous environments of Windows and Unix\/Linux for file sharing.\u00a0<\/span>The vulnerability can be reproduced to<\/span>\u00a0<\/span>cause<\/span>\u00a0an\u00a0<\/span>immediate BSOD (Blue Screen of Death)<\/span>\u00a0within the nfssvr.sys driver.<\/span>\u00a0<\/span>Interestingly, the November patches from Microsoft also include a\u00a0<\/span>remote kernel data read vulnerability<\/span>\u00a0in the same nfssvr.sys driver<\/span>\u00a0(<\/span>CVE-2020-1705<\/span>6<\/span>)<\/span>, which leads to\u00a0<\/span>a potential ASLR (addre<\/span>ss space\u00a0<\/span>layout\u00a0<\/span>randomization<\/span>)\u00a0<\/span>bypass<\/span>. The combination of these two vulnerabilities dramatically increases\u00a0<\/span>the likelihood of\u00a0<\/span>a remote\u00a0<\/span>exploit\u00a0<\/span>when used on<\/span>\u00a0Windows\u00a0<\/span>S<\/span>erver\u00a0<\/span>to bypass\u00a0<\/span>exploit mitigations<\/span>.<\/span>\u00a0<\/span>\u00a0<\/span>CVE-2020-17051\u00a0<\/span>is the first known vulnerability which has been disclosed within the Windows\u00a0<\/span>implementation of the\u00a0<\/span>NFSv3 protocol to the best of our knowledge.<\/span>\u00a0<\/span>\u00a0<\/span><\/p>\n

Threat Surface<\/span><\/b>\u00a0<\/span><\/h2>\n

The vulnerability is believed to impact all versions of Windows\u00a0<\/span>Server\u00a0<\/span>when:<\/span>\u00a0<\/span><\/p>\n

    \n
  1. An<\/span>\u00a0<\/span>authenticated user has\u00a0<\/span>write<\/span>\u00a0<\/span>access to any NFS share<\/span>.<\/span>\u00a0<\/span><\/li>\n
  2. An\u00a0<\/span>NFS share<\/span>\u00a0<\/span>has been configured with\u00a0<\/span>anonymous<\/span>\u00a0<\/span>write\u00a0<\/span>acce<\/span>s<\/span>s<\/span>\u00a0(no authentication required)<\/span>\u00a0<\/span><\/li>\n<\/ol>\n

    A Shodan query reported 38,893 servers with port 2049\u00a0<\/span>exposed to the internet<\/span>; however,<\/span>\u00a0<\/span>it<\/span>\u00a0i<\/span>s<\/span>\u00a0unknown what percentage\u00a0<\/span>of these\u00a0<\/span>servers\u00a0<\/span>are\u00a0<\/span>actually NFS<\/span>\u00a0shares\u00a0<\/span>and\u00a0<\/span>actual<\/span>l<\/span>y\u00a0<\/span>configured with anonymous\u00a0<\/span>write\u00a0<\/span>access.<\/span>\u00a0<\/span>The\u00a0<\/span>network share discovery technique<\/span><\/a>\u00a0is typically used by an adversary within the<\/span>\u00a0discovery phase of the MITRE ATT&CK framework with the objective to gain further privileges.<\/span>\u00a0<\/span>CVE-2020-1705<\/span>1 would give adversaries the ability to spread\u00a0<\/span>worm<\/span>–<\/span>like within heterogenous Windows and Unix\/Linux environments using anonymous write access file shares over NFSv3.<\/span>\u00a0<\/span><\/p>\n

    Mitigation<\/span><\/b>\u00a0<\/span><\/h2>\n

    Patching is always the first and most effective course of action.\u00a0<\/span>If it\u2019s not possible to\u00a0<\/span>patch,<\/span>\u00a0the<\/span>\u00a0best mitigation is to<\/span>\u00a0limit Windows\u00a0<\/span>NFSv3\u00a0<\/span>server share write access<\/span>\u00a0internally and block<\/span>\u00a0<\/span>an<\/span>y<\/span>\u00a0external access to vulnerable servers.\u00a0<\/span>For those McAfee customers who are unable to deploy the Windows patch, the following Network Security Platform (NSP) signatures will provide a virtual patch against attempted exploitation of this vulnerability<\/span>.<\/span>\u00a0<\/span><\/p>\n

    NSP Attack ID: 0x40c01200 –\u00a0<\/span>NFS\u00a0<\/span>Microsoft Windows Network File System Remote Code Execution Vulnerability (CVE-2020-17051)<\/span>\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

    CVSS Score: 9.8\u00a0 Vector:\u00a0CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H\/E:U\/RL:O\/RC:C\u00a0 Overview\u00a0 Microsoft released a patch today for a critical vulnerability\u00a0(CVE-2020-17051)\u00a0in the Windows\u00a0NFSv3\u00a0(Network File System)\u00a0server.\u00a0NFS is typically…<\/p>\n","protected":false},"author":1061,"featured_media":102607,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[],"coauthors":[5657,5354],"class_list":["post-110923","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-mcafee-labs"],"acf":[],"yoast_head":"\nCVE-2020-17051: Remote kernel heap overflow in NFSv3 Windows Server | McAfee Blog<\/title>\n<meta name=\"description\" content=\"CVSS Score: 9.8\u00a0 Vector:\u00a0CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H\/E:U\/RL:O\/RC:C\u00a0 Overview\u00a0 Microsoft released a patch today for a critical\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CVE-2020-17051: Remote kernel heap overflow in NFSv3 Windows Server | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"CVSS Score: 9.8\u00a0 Vector:\u00a0CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H\/E:U\/RL:O\/RC:C\u00a0 Overview\u00a0 Microsoft released a patch today for a critical\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2020-17051-remote-kernel-heap-overflow-in-nfsv3-windows-server\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2020-11-10T18:29:55+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-02-16T19:15:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/07\/threat-hunting-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"500\" \/>\n\t<meta property=\"og:image:height\" content=\"263\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Eoin Carroll, Steve Povolny\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@w3knight\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Eoin Carroll, Steve Povolny\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2020-17051-remote-kernel-heap-overflow-in-nfsv3-windows-server\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2020-17051-remote-kernel-heap-overflow-in-nfsv3-windows-server\/\"},\"author\":{\"name\":\"Eoin Carroll\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/6e361f03260be663c75dcf535cf8594d\"},\"headline\":\"CVE-2020-17051: Remote kernel heap overflow in NFSv3 Windows Server\",\"datePublished\":\"2020-11-10T18:29:55+00:00\",\"dateModified\":\"2024-02-16T19:15:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2020-17051-remote-kernel-heap-overflow-in-nfsv3-windows-server\/\"},\"wordCount\":392,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2020-17051-remote-kernel-heap-overflow-in-nfsv3-windows-server\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/07\/threat-hunting-1.png\",\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2020-17051-remote-kernel-heap-overflow-in-nfsv3-windows-server\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2020-17051-remote-kernel-heap-overflow-in-nfsv3-windows-server\/\",\"name\":\"CVE-2020-17051: Remote kernel heap overflow in NFSv3 Windows Server | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2020-17051-remote-kernel-heap-overflow-in-nfsv3-windows-server\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2020-17051-remote-kernel-heap-overflow-in-nfsv3-windows-server\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/07\/threat-hunting-1.png\",\"datePublished\":\"2020-11-10T18:29:55+00:00\",\"dateModified\":\"2024-02-16T19:15:05+00:00\",\"description\":\"CVSS Score: 9.8\u00a0 Vector:\u00a0CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H\/E:U\/RL:O\/RC:C\u00a0 Overview\u00a0 Microsoft released a patch today for a critical\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2020-17051-remote-kernel-heap-overflow-in-nfsv3-windows-server\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2020-17051-remote-kernel-heap-overflow-in-nfsv3-windows-server\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2020-17051-remote-kernel-heap-overflow-in-nfsv3-windows-server\/#primaryimage\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/07\/threat-hunting-1.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/07\/threat-hunting-1.png\",\"width\":500,\"height\":263},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2020-17051-remote-kernel-heap-overflow-in-nfsv3-windows-server\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"CVE-2020-17051: Remote kernel heap overflow in NFSv3 Windows Server\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/6e361f03260be663c75dcf535cf8594d\",\"name\":\"Eoin Carroll\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/b189b41d5342c1f01c13b31cd502abee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/03\/Eoin-Carroll-Pic-1-96x96.jpg\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/03\/Eoin-Carroll-Pic-1-96x96.jpg\",\"caption\":\"Eoin Carroll\"},\"description\":\"Eoin Carroll is a Principal Engineer and Senior Vulnerability Researcher on the McAfee Advanced Threat Research team, focused on researching the trustworthiness of emerging computing platforms and protocols. He also analyzes critical industry vulnerabilities and innovates advanced threat defenses. He has 20 years of diverse experience, from electronic engineering to a variety of offensive and defensive security roles. For the first decade of his career he worked as an electronic engineer in both the semiconductor and medical device industries, gaining a wealth of engineering and risk experience. During the second decade he has been building his career in platform security through Product Security, reverse engineering critical industry vulnerabilities and designing exploit protections. In addition, he has lead Product Security teams, mentored many Product Security Engineers\/Architects, supported local universities to keep their security curriculum relevant to industry needs and regularly speaks at universities and STEM events to inspire the next generation of security talent. He is very passionate about analyzing the security models of emerging platforms and protocols against the current and future threat landscape. His work experience includes threat modeling, secure platform design, memory forensics, vulnerability and exploit analysis, reverse engineering, product engineering, operating system internals and incident response.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/eoin-carroll-641ba08\/\",\"https:\/\/x.com\/w3knight\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/eoin-carroll\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"CVE-2020-17051: Remote kernel heap overflow in NFSv3 Windows Server | McAfee Blog","description":"CVSS Score: 9.8\u00a0 Vector:\u00a0CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H\/E:U\/RL:O\/RC:C\u00a0 Overview\u00a0 Microsoft released a patch today for a critical","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"CVE-2020-17051: Remote kernel heap overflow in NFSv3 Windows Server | McAfee Blog","og_description":"CVSS Score: 9.8\u00a0 Vector:\u00a0CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H\/E:U\/RL:O\/RC:C\u00a0 Overview\u00a0 Microsoft released a patch today for a critical","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2020-17051-remote-kernel-heap-overflow-in-nfsv3-windows-server\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2020-11-10T18:29:55+00:00","article_modified_time":"2024-02-16T19:15:05+00:00","og_image":[{"width":500,"height":263,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/07\/threat-hunting-1.png","type":"image\/png"}],"author":"Eoin Carroll, Steve Povolny","twitter_card":"summary_large_image","twitter_creator":"@w3knight","twitter_site":"@McAfee","twitter_misc":{"Written by":"Eoin Carroll, Steve Povolny","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2020-17051-remote-kernel-heap-overflow-in-nfsv3-windows-server\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2020-17051-remote-kernel-heap-overflow-in-nfsv3-windows-server\/"},"author":{"name":"Eoin Carroll","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/6e361f03260be663c75dcf535cf8594d"},"headline":"CVE-2020-17051: Remote kernel heap overflow in NFSv3 Windows Server","datePublished":"2020-11-10T18:29:55+00:00","dateModified":"2024-02-16T19:15:05+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2020-17051-remote-kernel-heap-overflow-in-nfsv3-windows-server\/"},"wordCount":392,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2020-17051-remote-kernel-heap-overflow-in-nfsv3-windows-server\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/07\/threat-hunting-1.png","articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2020-17051-remote-kernel-heap-overflow-in-nfsv3-windows-server\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2020-17051-remote-kernel-heap-overflow-in-nfsv3-windows-server\/","name":"CVE-2020-17051: Remote kernel heap overflow in NFSv3 Windows Server | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2020-17051-remote-kernel-heap-overflow-in-nfsv3-windows-server\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2020-17051-remote-kernel-heap-overflow-in-nfsv3-windows-server\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/07\/threat-hunting-1.png","datePublished":"2020-11-10T18:29:55+00:00","dateModified":"2024-02-16T19:15:05+00:00","description":"CVSS Score: 9.8\u00a0 Vector:\u00a0CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H\/E:U\/RL:O\/RC:C\u00a0 Overview\u00a0 Microsoft released a patch today for a critical","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2020-17051-remote-kernel-heap-overflow-in-nfsv3-windows-server\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2020-17051-remote-kernel-heap-overflow-in-nfsv3-windows-server\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2020-17051-remote-kernel-heap-overflow-in-nfsv3-windows-server\/#primaryimage","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/07\/threat-hunting-1.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/07\/threat-hunting-1.png","width":500,"height":263},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cve-2020-17051-remote-kernel-heap-overflow-in-nfsv3-windows-server\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"CVE-2020-17051: Remote kernel heap overflow in NFSv3 Windows Server"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/6e361f03260be663c75dcf535cf8594d","name":"Eoin Carroll","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/b189b41d5342c1f01c13b31cd502abee","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/03\/Eoin-Carroll-Pic-1-96x96.jpg","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/03\/Eoin-Carroll-Pic-1-96x96.jpg","caption":"Eoin Carroll"},"description":"Eoin Carroll is a Principal Engineer and Senior Vulnerability Researcher on the McAfee Advanced Threat Research team, focused on researching the trustworthiness of emerging computing platforms and protocols. He also analyzes critical industry vulnerabilities and innovates advanced threat defenses. He has 20 years of diverse experience, from electronic engineering to a variety of offensive and defensive security roles. For the first decade of his career he worked as an electronic engineer in both the semiconductor and medical device industries, gaining a wealth of engineering and risk experience. During the second decade he has been building his career in platform security through Product Security, reverse engineering critical industry vulnerabilities and designing exploit protections. In addition, he has lead Product Security teams, mentored many Product Security Engineers\/Architects, supported local universities to keep their security curriculum relevant to industry needs and regularly speaks at universities and STEM events to inspire the next generation of security talent. He is very passionate about analyzing the security models of emerging platforms and protocols against the current and future threat landscape. His work experience includes threat modeling, secure platform design, memory forensics, vulnerability and exploit analysis, reverse engineering, product engineering, operating system internals and incident response.","sameAs":["https:\/\/www.linkedin.com\/in\/eoin-carroll-641ba08\/","https:\/\/x.com\/w3knight"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/eoin-carroll\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/110923","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/1061"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=110923"}],"version-history":[{"count":1,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/110923\/revisions"}],"predecessor-version":[{"id":182778,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/110923\/revisions\/182778"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media\/102607"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=110923"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=110923"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=110923"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=110923"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}