
EBook – Understand and Implement Integrated Cyber Risk Management As organizations grow larger, so does the need to implement…
Threat
Remote Code Execution through Microsoft RPC
Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2022-26809)1
Description
Of the 128 vulnerabilities in Microsoft’s April patch, 10 have a critical severity but CVE-2022-26809 is raising the most concern. The vulnerability affects windows hosts running Remote Procedure Call Runtime (RPC)2. Server Message Block (SMB)3 protocol is commonly used in conjunction with RPC, causing TCP port 445 a likely attack vector.
This vulnerability can result in remote code execution and allows for self-propagating exploits. WORMs require no user interaction to spread throughout a company’s network. There is little information currently to determine if this vulnerability is being actively exploited, but with the potential to spread, it would only seem a matter of time before it is used in attacks.
Recommendations / Remediation
Contact FortifyData for a demonstration and discussion on how we can identify this vulnerability through our internal risk assessment.
Block TCP port 445 at the enterprise perimeter firewall4
Install KB5012666: Windows Server 2012 Security Update (April 2022)
**These are generalized recommendations that may not be effective for all organizations and environments. **
References
Cookie | Duration | Description |
---|---|---|
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |